I saw the server report today and there is a new port open
113/tcp open auth
[email protected] [~]# fuser -v 113/tcp
USER PID ACCESS COMMAND
113/tcp root 1969 f.... xinetd
[email protected] [~]# ps -aux | grep "xinetd"
root 1969 0.0 0.0 2136 912 ? S 08:41 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
I kill all the xinetd process, restart xinetd, also rebooted the box and port still there..
I have a few cPanel servers and I have never seen this port open, can anyone tell me what is that port ? and how to close it ? I am using RH Ent. 3 .
thkz!
pd: this rare port appear today after a kiddie using a script attacked one of the php-nuke websites I have hosted at the server.
113/tcp open auth
[email protected] [~]# fuser -v 113/tcp
USER PID ACCESS COMMAND
113/tcp root 1969 f.... xinetd
[email protected] [~]# ps -aux | grep "xinetd"
root 1969 0.0 0.0 2136 912 ? S 08:41 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
I kill all the xinetd process, restart xinetd, also rebooted the box and port still there..
I have a few cPanel servers and I have never seen this port open, can anyone tell me what is that port ? and how to close it ? I am using RH Ent. 3 .
thkz!
pd: this rare port appear today after a kiddie using a script attacked one of the php-nuke websites I have hosted at the server.
