
This IP address was trying to hack my server

Discussion in 'General Discussion' started by cyo, Oct 8, 2004.

  1. cyo

    The IP address 211.248.38.252 was trying to hack my server yesterday.

    Here are the cPanel logs:

    Failed logins from these:
    account/password from 211.248.38.252: 1 Time(s)
    adam/password from 211.248.38.252: 1 Time(s)
    adm/password from 211.248.38.252: 2 Time(s)
    alan/password from 211.248.38.252: 1 Time(s)
    apache/password from 211.248.38.252: 1 Time(s)
    backup/password from 211.248.38.252: 1 Time(s)
    cip51/password from 211.248.38.252: 1 Time(s)
    cip52/password from 211.248.38.252: 1 Time(s)
    cosmin/password from 211.248.38.252: 1 Time(s)
    cyrus/password from 211.248.38.252: 1 Time(s)
    data/password from 211.248.38.252: 1 Time(s)
    frank/password from 211.248.38.252: 1 Time(s)
    george/password from 211.248.38.252: 1 Time(s)
    henry/password from 211.248.38.252: 1 Time(s)
    horde/password from 211.248.38.252: 1 Time(s)
    iceuser/password from 211.248.38.252: 1 Time(s)
    irc/password from 211.248.38.252: 2 Time(s)
    jane/password from 211.248.38.252: 1 Time(s)
    john/password from 211.248.38.252: 1 Time(s)
    master/password from 211.248.38.252: 1 Time(s)
    matt/password from 211.248.38.252: 1 Time(s)
    mysql/password from 211.248.38.252: 1 Time(s)
    nobody/password from 211.248.38.252: 1 Time(s)
    noc/password from 211.248.38.252: 1 Time(s)
    operator/password from 211.248.38.252: 1 Time(s)
    oracle/password from 211.248.38.252: 1 Time(s)
    pamela/password from 211.248.38.252: 1 Time(s)
    patrick/password from 211.248.38.252: 2 Time(s)
    rolo/password from 211.248.38.252: 1 Time(s)
    root/password from 211.248.38.252: 59 Time(s)
    server/password from 211.248.38.252: 1 Time(s)
    sybase/password from 211.248.38.252: 1 Time(s)
    test/password from 211.248.38.252: 5 Time(s)
    user/password from 211.248.38.252: 3 Time(s)
    web/password from 211.248.38.252: 2 Time(s)
    webmaster/password from 211.248.38.252: 1 Time(s)
    www-data/password from 211.248.38.252: 1 Time(s)
    www/password from 211.248.38.252: 1 Time(s)
    wwwrun/password from 211.248.38.252: 1 Time(s)

    **Unmatched Entries**
    Illegal user patrick from 211.248.38.252
    Illegal user patrick from 211.248.38.252
    Illegal user rolo from 211.248.38.252
    Illegal user iceuser from 211.248.38.252
    Illegal user horde from 211.248.38.252
    Illegal user cyrus from 211.248.38.252
    Illegal user www from 211.248.38.252
    Illegal user wwwrun from 211.248.38.252
    Illegal user matt from 211.248.38.252
    Illegal user test from 211.248.38.252
    Illegal user test from 211.248.38.252
    Illegal user test from 211.248.38.252
    Illegal user test from 211.248.38.252
    Illegal user www-data from 211.248.38.252
    Illegal user irc from 211.248.38.252
    Illegal user irc from 211.248.38.252
    Illegal user jane from 211.248.38.252
    Illegal user pamela from 211.248.38.252
    Illegal user cosmin from 211.248.38.252
    Illegal user cip52 from 211.248.38.252
    Illegal user cip51 from 211.248.38.252
    Illegal user noc from 211.248.38.252
    Illegal user webmaster from 211.248.38.252
    Illegal user data from 211.248.38.252
    Illegal user user from 211.248.38.252
    Illegal user user from 211.248.38.252
    Illegal user user from 211.248.38.252
    Illegal user web from 211.248.38.252
    Illegal user web from 211.248.38.252
    Illegal user oracle from 211.248.38.252
    Illegal user sybase from 211.248.38.252
    Illegal user master from 211.248.38.252
    Illegal user account from 211.248.38.252
    Illegal user backup from 211.248.38.252
    Illegal user server from 211.248.38.252
    Illegal user adam from 211.248.38.252
    Illegal user alan from 211.248.38.252
    Illegal user frank from 211.248.38.252
    Illegal user george from 211.248.38.252
    Illegal user henry from 211.248.38.252
    Illegal user john from 211.248.38.252
    Illegal user test from 211.248.38.252
     
  2. Sheldon

    Add the IP to /etc/hosts.deny

    Sheldon
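
Added example, not written by any poster in this thread: it parses the failed-login summary format quoted in the first post, totals attempts and distinct usernames per source, and builds the /etc/hosts.deny entries suggested above. The thresholds, the allow set, the 192.0.2.10 address and the function names are assumptions, and the `sshd:` entries only take effect where sshd is built with TCP wrappers support.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the report format quoted in the first post;
# 192.0.2.10 is a documentation address added for contrast.
SAMPLE = """\
Failed logins from these:
adm/password from 211.248.38.252: 2 Time(s)
root/password from 211.248.38.252: 59 Time(s)
test/password from 211.248.38.252: 5 Time(s)
root/password from 192.0.2.10: 1 Time(s)
**Unmatched Entries**
Illegal user test from 211.248.38.252
"""

LINE = re.compile(r"^\s*(\S+)/password from (\S+): (\d+) Time\(s\)\s*$")

def summarize(report):
    """Return {ip: {"attempts": int, "users": set}} from the summary lines."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in report.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Illegal user" lines repeat attempts already counted
        user, ip, count = m.groups()
        try:
            ipaddress.IPv4Address(ip)  # accept well-formed IPv4 only
        except ValueError:
            continue
        stats[ip]["attempts"] += int(count)
        stats[ip]["users"].add(user)
    return dict(stats)

def deny_lines(stats, min_attempts=10, min_users=3, allow=frozenset()):
    """hosts.deny entries for sources at or over either threshold (assumed values)."""
    return [
        f"sshd: {ip}"
        for ip, s in sorted(stats.items())
        if ip not in allow  # addresses you must never lock out
        and (s["attempts"] >= min_attempts or len(s["users"]) >= min_users)
    ]

if __name__ == "__main__":
    print("\n".join(deny_lines(summarize(SAMPLE))))
```

Put your own management addresses in `allow` before appending the output to /etc/hosts.deny.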
     
  3. GOT

    I get those attacks probably five times a day. No big deal if you are running BFD and a firewall and you do not have any of those users with insecure passwords.
     
  4. kris1351

    There are scripts out there that are scanning for poorly secured systems. Chances are the address you see there is either spoofed or it was hacked.
     
  5. anup123

  6. patriotcow

    Your IP (211.248.38.252) appears as an
    attacker 4,957 times in the DShield database.
     
  7. dave9000

    We get hit with the SSH login attempts approx. 3 times a day, and our router firewall is blocking an attempt (average of every 3 seconds) to access port 445 and port 135.

    As long as you have APF and BFD installed and configured, you should be fine.

    And follow the other security tips listed in the forum.
     