The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

rare "dos-*" files in /tmp folder

Discussion in 'General Discussion' started by sh4ka, Oct 14, 2005.

  1. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    442
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    cPanel Access Level:
    DataCenter Provider
    Minutes ago was looking at my /tmp folder and found that I have lot of files like these, but with differents IP numbers (replaced numbers = "x" ):

    Code:
    -rw-r--r--    1 nobody   nobody          6 oct 12 10:58 dos-213.x.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 12 18:38 dos-213.xxx.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 13 17:08 dos-213.xx.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 15:38 dos-62.xx.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 13 07:53 dos-62.xx.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 14:22 dos-62.14.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 05:56 dos-62.14.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 13 11:05 dos-62.15.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 13:49 dos-62.15.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 11:10 dos-62.43.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 14 18:30 dos-62.57.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 14 16:38 dos-64.60.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 17:17 dos-65.247.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 16:33 dos-66.128.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 10:41 dos-66.249.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 07:31 dos-xx.xxxx.xxxx.xx -- SERVER IP
    -rw-r--r--    1 nobody   nobody          6 oct 13 07:32 dos-80.103.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 09:31 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 12 08:55 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 05:31 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 08:49 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 13 15:14 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 10:43 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 10:47 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 14 02:27 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 13:48 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 05:03 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 12:49 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 12:43 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 10:02 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 06:47 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 09:19 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 11 16:16 dos-80.58.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 14 12:26 dos-81.172.xx.xx
    -rw-r--r--    1 nobody   nobody          5 oct 13 13:48 dos-81.202.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 13 15:34 dos-81.202.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 11 10:14 dos-81.202.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 23:18 dos-81.33.xx.xx
    -rw-r--r--    1 nobody   nobody          6 oct 12 06:03 dos-81.33.xx.xx
    
    I have mod_security and mod_evasive (old mod_dosevasive), BFD and APF with dshield block list..

    I'm thinking.. can be caused by some of this apps/modules that I have installed on the system? Why are there, and by what app are they generated ? Any ideas ?
     
    #1 sh4ka, Oct 14, 2005
    Last edited: Oct 14, 2005
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    If you have mod_dosevasive installed in your apache then that is the cause
     
  3. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    442
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    cPanel Access Level:
    DataCenter Provider
    Yeah... I was thinking the same.. but, why are those IPs there ? are they banned or what is the function of that there ... ??
     
  4. Servax

    Servax Member

    Joined:
    Feb 23, 2005
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    The server got DOS activity from those IPs, so they're blocked.
     
Loading...
Similar Threads - rare dos files
  1. hasnisyed
    Replies:
    3
    Views:
    317

Share This Page