Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

rare "dos-*" files in /tmp folder

Discussion in 'General Discussion' started by sh4ka, Oct 14, 2005.

  1. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    444
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Uruguay
    cPanel Access Level:
    DataCenter Provider
    Minutes ago was looking at my /tmp folder and found that I have lot of files like these, but with differents IP numbers (replaced numbers = "x" ):

    Code:
    -rw-r--r--    1 nobody   nobody          6 oct 12 10:58 dos-213.x.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 12 18:38 dos-213.xxx.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 13 17:08 dos-213.xx.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 15:38 dos-62.xx.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 13 07:53 dos-62.xx.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 14:22 dos-62.14.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 05:56 dos-62.14.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 13 11:05 dos-62.15.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 13:49 dos-62.15.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 11:10 dos-62.43.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 14 18:30 dos-62.57.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 14 16:38 dos-64.60.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 17:17 dos-65.247.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 16:33 dos-66.128.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 10:41 dos-66.249.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 07:31 dos-xx.xxxx.xxxx.xx -- SERVER IP
    -rw-r--r--    1 nobody   nobody          6 oct 13 07:32 dos-80.103.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 09:31 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 12 08:55 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 05:31 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 08:49 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 13 15:14 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 10:43 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 10:47 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 14 02:27 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 13:48 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 05:03 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 12:49 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 12:43 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 10:02 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 06:47 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 09:19 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 11 16:16 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 14 12:26 dos-81.172.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 13:48 dos-81.202.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 13 15:34 dos-81.202.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 10:14 dos-81.202.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 23:18 dos-81.33.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 06:03 dos-81.33.xx.xx
    
    I have mod_security and mod_evasive (old mod_dosevasive), BFD and APF with dshield block list..

    I'm thinking.. can be caused by some of this apps/modules that I have installed on the system? Why are there, and by what app are they generated ? Any ideas ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 sh4ka, Oct 14, 2005
    Last edited: Oct 14, 2005
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,741
    Likes Received:
    76
    Trophy Points:
    203
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    If you have mod_dosevasive installed in your apache then that is the cause
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    444
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Uruguay
    cPanel Access Level:
    DataCenter Provider
    Yeah... I was thinking the same.. but, why are those IPs there ? are they banned or what is the function of that there ... ??
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Servax

    Servax Member

    Joined:
    Feb 23, 2005
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    151
    The server got DOS activity from those IPs, so they're blocked.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice