I have been receiving a lot of emails from LFD about this ip (93.190.138.129) port scanning.
I get about 3+ of these emails a day letting me know that ldf has blocked the ip temporary.
I am now wondering should I be worried about this ip port scanning?
The ip is from the netherlands where my server is hosted and was wondering if its a coincidence or not?
I get a lot of messages from CSF about Port Scanning and Bruteforce detection.. Is there a way to avoid all of these attacks ? Because it tries to figure out my clients ftp or pop3 user with several usernames, i.e. administrator, postgres, mysql, httpd, and many more..
I know a little about internet security.. Is it possible to make my public IP of shared hosting untraceable ? Like this one..
Just do a ping to ebay.com or paypal.com and then you will receive RTO message or Destination host unreachable, but actually the site is running well..
I found several requests in my error log which looks like someone was scanning my site for phpMyAdmin. This was a newly created subdomain. So I checked my main site and another subdomain and they also contained similar entries. Should I do something?
[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/phpMyAdmin
[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/phpmyadmin
[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/pma ...
A website I've recently been entrusted with was cracked into via brute force ftp earlier this week. Apparently the bad guys ran a script that added iframe links to every page named index.html. The iframe linked to 3 sites that prompted malware downloads.
I think I've found and removed all the affected code, however I'm looking for an online website scanner that will drill down through all the links on a given site and search the code for similar problems.
I've only found a couple of these so far and they don't seem to fit the bill; was wondering if anyone here had recommendations or experience with similar tools...
Does anyone have experience of PCI DSS scanning on a shared server? Our current hosting company have told us that it's unlikely to pass on a shared server, and that we should move to a Virtual Managed Server for them to make the necessary changes to pass a PCI scan.
In particular, we're talking PCI compliance to use PayPal website payments pro UK.
From Googling there seems to be a lot of debate on this issue - varying from 'all you need for PCI compliance is a SSL certificate' (this seems to be paypals attitude), to 'PCI scans can be passed on a shared server if your host is willing to help' to 'you need separate dedicated servers for the database and site etc'.
Does anyone use website payments pro UK, have a shared server, and regularly pass quarterly PCI scans? Also, we would much prefer a host based in the UK - we seem to get much better performance from our UK host than we did when the site was hosted in the US (our customers are almost completely UK based).
My internet security software blocked port scanning from IANA
Internet Assigned Numbers Authority. Who is this and what are they doing scanning the ports on my computer.
What do you recommend for scanning a site against intrusions and security holes?
View 1 Replies View RelatedSo I've been working on getting the modsecurity upload scan function to work for over 4 hours now and i'm done with this junk to say the least.
Using modsec 1.9
Cpanel 10x
Apache 1.3
in the modsec.conf
SecUploadDir /tmp
SecUploadApproveScript /usr/local/apache/htdocs/upload_scan.pl
All I get in the audit_log is:
Access denied with code 406. Error verifying files: Received no output from the approver script (execution failed?) "/usr/local/apache/htdocs/upload_scan.pl" ....
My main goal was stopping incomingo spam.. and MailScanner is doing a great work on that.. but, it is taking too much time extracting and scanning attachments... does anyone know how to disable scanning the attachments ?
This is my top output from MailScanner running:
Code:
12:10 3 MailScanner: extracting attachments
I tried to configure Sendmail as e-mail MTA with ClamAV & SpamAssassin before my local network. I can send and receive e-mail but spamassassin doesn't filter them. Do you know where I should look for?
I was trying to install mailscanner on a cpanel box using chirpy's script [url], followed every step, until this:
Code:
[root@server.yourbox.com:~]perl mscpanel.pl -i
Unable to open spam.scanning.rules for reading: file or directory doesnt exist at mscpanel.pl line 115.
On the 115 line i found this:
Code:
open (IN, "</usr/mailscanner/etc/rules/spam.scanning.rules") or die "Unable to open spam.scanning.rules for reading: $!";
The file /usr/mailscanner/etc/rules/spam.scanning.rules just doesnt exists... maybe chirpy's script is not working well installing everything its needed..
I'm running CentOS with Paralells Plesk bundled Paralellls Premium Antivirus (Dr Web). After the latest yum updates DrWeb continously seems to crash and be restarted by the Parallells watchdog. By default there were no logs for DrWeb, but when I enable logging to a file it gets spammed continously with the following error:
Cannot create pipe for communication with scanning childs (Too many open files)and the Drweb process runs at 99% CPU for long periods. This totally fills the disk with logs and I've now disabled logging again and Drweb is back to continously being restarted by the watchdog.
I'm runnung a server with Apache2 (Apache/2.2.16 (Debian 6.0))
I would like Apache2 listen on port 8080 for IPv4 and on port 80 for IPv6.
This is what I have now:
/etc/apache2/ports.conf
Currently I am using Linux + cPAnel and using the port 25 for email sevrer. Currently we facing 1 problem is, some user's ISP is not support port. May I know how can I add additional port into server and allow users to send mail by different port?
View 1 Replies View RelatedI have an office internal website and I opened a port in the gateway of my office (7080) to this website (server )'s 80 port. That makes this website open to public as office has static IP. And then when I view the site from home . it's fine. But when I tried to login, the site is using a pop-up, I guess it's http authentciation, login, I was redirected to a url without my port number any more, that stops my access to the site as obviously I would.
How can I keep my connection/port number ...?
about the NIC and switch,
there are giga port vs mega port,
in your experience,do they really be different?
I recently changed my SSH port, but locked myself out when my APF firewall was installed.
Where would I got to add a custom port inside the APF's config file?
I am using proftpd...How do i instruct that the server don't listen on high ports 49152-65534 but only to 21?
The reason is because my client's firewall setup is very strict and i need to give a good reason to open those high ports. Right now, i can ftp to port 21 only but can't do nothing more than that coz the higher ports are blocked.
i now have root access at a site i manage and the previous admin has set up a different SSH port.
I think this because i get " Connection Refused " and that user has access for SSH.
When restarting my SSH services i recive;
Quote:
sshd has failed, please contact the sysadmin.
And from looking that error up it means the port has been changed.
So i have WHMC access and all other root passwords etc, but how can i find out the port?
Bought New VPS recently , it suppose 10MB unmetered .. when Download Big files thru SSH , the Speed Never Exceed 2MB, always 2mb or less ..
i thought i get 10mb, from wht i understood when say 10mb unmteret ..
how to make sure if i'm on 10 mb unmetered or not .. i thought simple just download some big file from ssh and see wht speed ..
I have cpanel running on a centos box and I want to change the ssh port from (22) the default port to something new i get 13000 login add temps a day. How do i do this i have root access
View 11 Replies View Relatedis it safe to keep the port 111 open or what?
i'm using CentOS 4.x
I am having my ded server disconnected in less than 2 hours if I dont delete a bad website off my dedicated server (I run a free hosting website on it...i know! I know!)
Anyways I need to login to ROOT and manually take this website off the server, which I have NO IDEA how to do anyways, but I need the SSH port to do so and I HAVE NO IDEA what it is!
How do I find this information out?
I'm a bit new to this, and I wanted to host my server on a VPS. I tried connecting, but that just didn't work. Do I need to portforward the VPS? Sorry, Like I said, I'm a bit new.
View 6 Replies View RelatedI know this is a bit of an odd question but I have a VPS which has port 1189 open. Is it normal by default to have this port listening on a OpenVZ VPS under HyperVM? or is this something a little concerning? Never noticed it before, just checking I don't want any illegal applications being hosted on my server by clients.
It's most probably nothing to be concerned about, just wanted to double check.
I would like to know on how to forward specific IP with port to localhost or any IP by using iptables ? For example i would like to forward for port 25 from IP A to IP B, Currently i'm doing a test with my firewall and i'm very blur with iptables thingy.
View 2 Replies View Relatedwhat is port forwarding?
View 2 Replies View Related