The Community Forums


Hetzner NetScan --> Who do it?

Discussion in 'General Discussion' started by musioc, Nov 17, 2012.

  1. musioc

    musioc Well-Known Member

    Hello
    I received an email from the Hetzner abuse department about a netscan:

    Code:
    time                protocol src_ip src_port          dest_ip dest_port
    Sat Nov 17 22:08:12 2012 TCP      x.x.x.x 40209 =>     67.23.129.3 80
    Sat Nov 17 22:08:13 2012 TCP      x.x.x.x 40765 =>     67.23.129.4 80
    Sat Nov 17 22:08:12 2012 TCP      x.x.x.x 33861 =>     67.23.129.5 80
    Sat Nov 17 22:08:13 2012 TCP      x.x.x.x 55047 =>     67.23.129.6 80
    Sat Nov 17 22:08:13 2012 TCP      x.x.x.x 53168 =>     67.23.129.7 80
    Sat Nov 17 22:08:13 2012 TCP      x.x.x.x 39641 =>     67.23.129.8 80
    .
    .
    .
    
    I have 24 hrs to resolve the problem, otherwise they will block the entire server.

    How can I find which account did this at that time? Is there any way?
    Thank you
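
Added example, not part of the original thread: a parser for the report layout quoted above that reduces it to the time window, destination port, and target range to search for in local logs. The function name `summarise` is hypothetical, and the sample rows are constructed, with `192.0.2.10` standing in for the masked source address.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample in the report's layout; 192.0.2.10 stands in for the
# masked source address (x.x.x.x) of the original report.
SAMPLE = """\
time                protocol src_ip src_port          dest_ip dest_port
Sat Nov 17 22:08:12 2012 TCP   192.0.2.10 40209 =>     67.23.129.3 80
Sat Nov 17 22:08:13 2012 TCP   192.0.2.10 40765 =>     67.23.129.4 80
Sat Nov 17 22:08:12 2012 TCP   192.0.2.10 33861 =>     67.23.129.5 80
Sat Nov 17 22:08:13 2012 TCP   192.0.2.10 55047 =>     67.23.129.6 80
"""
LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\d+)\s+=>\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s*$"
)

def summarise(report):
    """Group report rows by (source, protocol, destination port)."""
    groups = {}
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header, "." elision rows, blank lines
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        key = (m["src"], m["proto"], int(m["dport"]))
        g = groups.setdefault(key, {"times": [], "dsts": set()})
        g["times"].append(ts)
        g["dsts"].add(ipaddress.ip_address(m["dst"]))
    out = []
    for (src, proto, dport), g in groups.items():
        dsts = sorted(g["dsts"])
        span = int(dsts[-1]) - int(dsts[0]) + 1
        out.append({
            "src": src, "proto": proto, "dport": dport,
            "first": min(g["times"]), "last": max(g["times"]),
            "targets": len(dsts),
            "range": (str(dsts[0]), str(dsts[-1])),
            # True when every address between lowest and highest was hit
            "sequential": span == len(dsts),
        })
    return out

if __name__ == "__main__":
    for row in summarise(SAMPLE):
        print(row)
```

The report's timestamps are in the sender's clock and time zone, so widen the window when matching against local logs.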
     
  2. nospa

    nospa Well-Known Member

    This might be a curl abuse script - verify the Apache logs.
     
  3. musioc

    musioc Well-Known Member

    Hello
    I think it was made by PHP shells or Perl/CGI scripts.
    I cannot find any of the above IPs in the Apache access_log or var/log/messages.
     
  4. musioc

    musioc Well-Known Member

    Is there any way to limit the number of outgoing connections?
     
  5. nospa

    nospa Well-Known Member

    If they are TCP, better not to limit them, otherwise you will have trouble with users' websites or other services on the server. You can try to limit outgoing UDP connections, as they are only used for NAMED in most cases.
     
