
this ip address was trying to hack my server

Discussion in 'General Discussion' started by cyo, Oct 8, 2004.

  1. cyo

    cyo Active Member

    Joined:
    Oct 26, 2001
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    306
    The IP address 211.248.38.252 was trying to hack my server yesterday.



    Here are the cPanel logs:


    Failed logins from these:
    account/password from 211.248.38.252: 1 Time(s)
    adam/password from 211.248.38.252: 1 Time(s)
    adm/password from 211.248.38.252: 2 Time(s)
    alan/password from 211.248.38.252: 1 Time(s)
    apache/password from 211.248.38.252: 1 Time(s)
    backup/password from 211.248.38.252: 1 Time(s)
    cip51/password from 211.248.38.252: 1 Time(s)
    cip52/password from 211.248.38.252: 1 Time(s)
    cosmin/password from 211.248.38.252: 1 Time(s)
    cyrus/password from 211.248.38.252: 1 Time(s)
    data/password from 211.248.38.252: 1 Time(s)
    frank/password from 211.248.38.252: 1 Time(s)
    george/password from 211.248.38.252: 1 Time(s)
    henry/password from 211.248.38.252: 1 Time(s)
    horde/password from 211.248.38.252: 1 Time(s)
    iceuser/password from 211.248.38.252: 1 Time(s)
    irc/password from 211.248.38.252: 2 Time(s)
    jane/password from 211.248.38.252: 1 Time(s)
    john/password from 211.248.38.252: 1 Time(s)
    master/password from 211.248.38.252: 1 Time(s)
    matt/password from 211.248.38.252: 1 Time(s)
    mysql/password from 211.248.38.252: 1 Time(s)
    nobody/password from 211.248.38.252: 1 Time(s)
    noc/password from 211.248.38.252: 1 Time(s)
    operator/password from 211.248.38.252: 1 Time(s)
    oracle/password from 211.248.38.252: 1 Time(s)
    pamela/password from 211.248.38.252: 1 Time(s)
    patrick/password from 211.248.38.252: 2 Time(s)
    rolo/password from 211.248.38.252: 1 Time(s)
    root/password from 211.248.38.252: 59 Time(s)
    server/password from 211.248.38.252: 1 Time(s)
    sybase/password from 211.248.38.252: 1 Time(s)
    test/password from 211.248.38.252: 5 Time(s)
    user/password from 211.248.38.252: 3 Time(s)
    web/password from 211.248.38.252: 2 Time(s)
    webmaster/password from 211.248.38.252: 1 Time(s)
    www-data/password from 211.248.38.252: 1 Time(s)
    www/password from 211.248.38.252: 1 Time(s)
    wwwrun/password from 211.248.38.252: 1 Time(s)

    **Unmatched Entries**
    Illegal user patrick from 211.248.38.252
    Illegal user patrick from 211.248.38.252
    Illegal user rolo from 211.248.38.252
    Illegal user iceuser from 211.248.38.252
    Illegal user horde from 211.248.38.252
    Illegal user cyrus from 211.248.38.252
    Illegal user www from 211.248.38.252
    Illegal user wwwrun from 211.248.38.252
    Illegal user matt from 211.248.38.252
    Illegal user test from 211.248.38.252
    Illegal user test from 211.248.38.252
    Illegal user test from 211.248.38.252
    Illegal user test from 211.248.38.252
    Illegal user www-data from 211.248.38.252
    Illegal user irc from 211.248.38.252
    Illegal user irc from 211.248.38.252
    Illegal user jane from 211.248.38.252
    Illegal user pamela from 211.248.38.252
    Illegal user cosmin from 211.248.38.252
    Illegal user cip52 from 211.248.38.252
    Illegal user cip51 from 211.248.38.252
    Illegal user noc from 211.248.38.252
    Illegal user webmaster from 211.248.38.252
    Illegal user data from 211.248.38.252
    Illegal user user from 211.248.38.252
    Illegal user user from 211.248.38.252
    Illegal user user from 211.248.38.252
    Illegal user web from 211.248.38.252
    Illegal user web from 211.248.38.252
    Illegal user oracle from 211.248.38.252
    Illegal user sybase from 211.248.38.252
    Illegal user master from 211.248.38.252
    Illegal user account from 211.248.38.252
    Illegal user backup from 211.248.38.252
    Illegal user server from 211.248.38.252
    Illegal user adam from 211.248.38.252
    Illegal user alan from 211.248.38.252
    Illegal user frank from 211.248.38.252
    Illegal user george from 211.248.38.252
    Illegal user henry from 211.248.38.252
    Illegal user john from 211.248.38.252
    Illegal user test from 211.248.38.252
     
  2. Sheldon

    Sheldon Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    Add the IP to /etc/hosts.deny

    Sheldon
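
An added example, not part of the original posts: a small shell/awk filter that reads a "Failed logins" summary in the format posted above, totals failures and distinct usernames per source IP, and prints `/etc/hosts.deny` entries for sources over a threshold. The function names, the thresholds, the allowlist argument and the `sshd` daemon name (which only takes effect if sshd is built with TCP wrappers) are assumptions; the second sample IP is constructed.

```shell
#!/bin/sh
# deny_candidates MIN_FAILURES MIN_USERS "ALLOWLIST"
# Reads logwatch-style lines on stdin, prints "ip failures usernames" for each
# source that meets both thresholds. IPs in ALLOWLIST (space separated, e.g.
# your own admin address) are never reported, so you cannot lock yourself out.
deny_candidates() {
    awk -v min_fail="${1:-10}" -v min_users="${2:-5}" -v allow="${3:-}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Example line: root/password from 211.248.38.252: 59 Time(s)
        $1 ~ /\/password$/ && $2 == "from" && $5 == "Time(s)" {
            ip = $3; sub(/:$/, "", ip)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next  # IPv4 only
            user = $1; sub(/\/password$/, "", user)
            fails[ip] += $4
            if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        }
        END {
            for (ip in fails)
                if (!(ip in ok) && fails[ip] >= min_fail && users[ip] >= min_users)
                    printf "%s %d %d\n", ip, fails[ip], users[ip]
        }' | sort
}

# Turns each "ip failures usernames" line into a comment plus a hosts.deny rule.
# hosts.deny only ignores lines that START with "#", so the comment gets its own line.
to_hosts_deny() {
    awk '{ printf "# %d failed logins across %d usernames\nsshd: %s\n", $2, $3, $1 }'
}

# Sample input: four lines taken from the log above, plus one constructed line
# from a documentation-range address that stays under the thresholds.
sample_log() {
    cat <<'EOF'
    adm/password from 211.248.38.252: 2 Time(s)
    root/password from 211.248.38.252: 59 Time(s)
    test/password from 211.248.38.252: 5 Time(s)
    user/password from 211.248.38.252: 3 Time(s)
    admin/password from 192.0.2.10: 2 Time(s)
EOF
}

# Review the output before appending it to /etc/hosts.deny.
sample_log | deny_candidates 10 3 | to_hosts_deny
```
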
     
  3. GOT

    GOT Get Proactive!
    PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,065
    Likes Received:
    47
    Trophy Points:
    178
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    I get those attacks probably five times a day. No big deal if you are running BFD and a firewall and you do not have any of those users with insecure passwords.
     
  4. kris1351

    kris1351 Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    963
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Lewisville, Tx
    There are scripts out there that are scanning for poorly secured systems. Chances are the address you see there is either spoofed or it was hacked.
     
  5. anup123

    anup123 Well-Known Member

    Joined:
    Mar 29, 2004
    Messages:
    890
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    This Planet
    #5 anup123, Oct 8, 2004
    Last edited: Oct 8, 2004
  6. patriotcow

    patriotcow Well-Known Member

    Joined:
    Oct 11, 2004
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    156
    Your IP (211.248.38.252) appears as an attacker 4,957 times in the DShield database.
     
  7. dave9000

    dave9000 Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    891
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    arkansas
    cPanel Access Level:
    Root Administrator
    We get hit with the SSH login attempts approx 3 times a day, and our router firewall is blocking an attempt (average of every 3 seconds) to access port 445 and port 135.

    As long as you have APF and BFD installed and configured, you should be fine.

    And follow the other security tips listed in the forum.
     