Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to
LinuxQuestions.org , a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free.
Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please
contact us . If you need to reset your password,
click here .
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a
virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month.
Click here for more info.
01-27-2016, 06:41 AM
#1
LQ Newbie
Registered: Oct 2015
Posts: 8
Rep:
help me - antis ddos
I hacked into the server IP, I check ssh, and this is the type of attack. People that help me.
----------------
Code:
root@ns523851 [~]# netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: - f1 | sort | uniq -c | sort -n
1 103.22.201.193
1 103.22.201.199
1 103.22.201.209
1 103.31.5.240
1 104.155.1.169
1 104.156.233.64
1 104.196.37.65
1 104.196.5.128
1 104.197.138.23
1 104.197.152.26
1 104.237.139.188
1 104.47.151.121
1 106.248.68.117
1 107.178.220.178
1 107.178.220.190
1 107.189.95.74
1 108.162.208.194
1 108.162.222.10
1 108.162.222.17
1 108.162.222.19
1 108.162.222.20
1 108.162.222.22
1 108.162.222.28
1 108.162.222.29
1 108.162.222.5
1 108.162.222.7
1 108.162.225.153
1 108.61.185.210
1 108.61.214.166
1 115.28.14.111
1 116.98.16.40
1 119.252.88.224
1 120.55.88.170
1 121.199.25.71
1 121.41.36.89
1 123.57.175.71
1 130.211.148.156
1 130.211.162.175
1 130.211.181.70
1 134.219.88.127
1 139.179.38.28
1 157.7.153.69
1 162.158.176.107
1 162.158.176.155
1 162.158.176.83
1 168.235.82.19
1 168.62.190.17
1 173.245.62.60
1 178.251.38.17
1 178.32.220.154
1 181.30.29.146
1 182.92.1.65
1 190.103.84.4
1 191.235.179.62
1 192.155.88.30
1 207.46.139.59
1 207.96.144.2
1 212.192.197.20
1 213.171.220.74
1 216.81.196.22
1 218.244.139.144
1 23.102.6.100
1 23.21.69.180
1 23.23.11.28
1 24.114.46.2
1 40.118.244.112
1 40.126.237.124
1 42.121.52.57
1 45.32.255.17
1 45.62.104.158
1 45.62.112.39
1 45.63.122.212
1 46.105.133.128
1 46.226.15.238
1 50.115.233.57
1 50.18.70.225
1 52.0.26.134
1 52.10.249.223
1 52.10.25.162
1 52.1.177.254
1 52.11.88.103
1 52.1.192.75
1 52.16.126.140
1 52.16.75.126
1 52.17.122.198
1 52.17.37.48
1 52.18.136.0
1 52.18.192.152
1 52.18.8.52
1 52.19.181.9
1 52.19.203.168
1 52.192.159.240
1 52.21.227.252
1 52.23.182.171
1 52.26.232.148
1 52.27.245.224
1 52.28.156.52
1 52.30.112.49
1 52.30.24.142
1 52.30.32.212
1 52.31.76.72
1 52.33.171.80
1 52.35.145.183
1 52.4.214.195
1 52.48.22.235
1 52.6.216.240
1 52.62.210.117
1 52.62.32.81
1 52.62.76.170
1 52.64.101.148
1 52.64.159.206
1 52.64.165.9
1 52.64.231.211
1 52.64.255.54
1 52.64.5.53
1 52.70.255.2
1 52.71.96.232
1 52.74.2.182
1 52.74.56.206
1 52.74.88.234
1 52.74.99.140
1 52.76.124.91
1 52.76.26.249
1 52.77.226.107
1 52.77.239.189
1 52.89.96.130
1 52.90.107.239
1 52.90.185.184
1 52.90.205.253
1 52.91.209.2
1 54.148.217.246
1 54.148.55.14
1 54.152.99.82
1 54.154.6.6
1 54.169.143.60
1 54.169.15.146
1 54.169.205.110
1 54.169.55.179
1 54.171.56.24
1 54.171.88.107
1 54.173.213.0
1 54.186.222.247
1 54.188.181.175
1 54.194.176.120
1 54.194.241.78
1 54.197.228.78
1 54.197.92.8
1 54.199.172.85
1 54.200.209.221
1 54.200.218.132
1 54.200.3.183
1 54.201.145.199
1 54.204.46.212
1 54.206.116.251
1 54.208.148.210
1 54.218.13.93
1 54.232.255.136
1 54.233.65.136
1 54.236.195.46
1 54.246.94.52
1 54.66.164.58
1 54.67.122.251
1 54.67.50.65
1 54.69.143.71
1 54.69.153.163
1 54.69.183.225
1 54.76.174.11
1 54.76.203.192
1 54.79.63.76
1 54.84.180.229
1 54.86.137.54
1 54.94.141.191
1 54.94.159.28
1 66.254.70.205
1 69.164.211.51
1 70.75.36.224
1 74.208.184.191
1 78.129.197.95
1 78.46.34.19
1 78.47.147.215
1 81.2.225.69
1 84.86.100.204
1 85.152.15.66
1 91.223.235.201
1 91.230.204.189
2 104.154.66.198
2 104.154.94.63
2 104.155.23.220
2 104.155.47.82
2 104.155.77.72
2 104.156.247.246
2 104.196.21.131
2 104.197.120.68
2 104.197.24.189
2 104.197.72.132
2 104.199.129.139
2 104.41.157.101
2 104.42.230.72
2 108.162.208.159
2 108.162.208.161
2 108.162.225.157
2 1.234.75.168
2 127.0.0.1
2 130.211.73.190
2 130.211.91.253
2 133.242.177.88
2 133.242.232.182
2 138.91.153.131
2 139.129.99.24
2 146.148.93.35
2 148.251.202.44
2 148.251.72.135
2 159.203.19.1
2 162.158.176.167
2 162.158.176.179
2 162.158.176.221
2 162.158.176.95
2 176.58.126.194
2 182.92.163.20
2 192.99.1.116
2 194.24.178.50
2 194.28.255.11
2 198.41.232.23
2 203.217.21.112
2 203.80.232.70
2 210.245.31.10
2 211.204.127.22
2 23.96.90.112
2 31.216.37.248
2 40.118.13.69
2 40.118.215.21
2 40.76.80.43
2 40.76.83.121
2 5.150.252.158
2 5.196.250.249
2 52.0.138.201
2 52.10.104.135
2 52.10.16.52
2 52.10.66.3
2 52.10.8.116
2 52.10.89.90
2 52.1.125.40
2 52.1.149.65
2 52.1.19.2
2 52.12.126.165
2 52.16.12.74
2 52.16.144.213
2 52.16.187.151
2 52.17.140.149
2 52.17.20.216
2 52.17.34.107
2 52.18.104.145
2 52.18.19.108
2 52.19.111.218
2 52.19.139.55
2 52.19.180.122
2 52.193.40.163
2 52.19.35.161
2 52.20.32.62
2 52.2.111.101
2 52.2.150.74
2 52.23.180.136
2 52.23.209.8
2 52.24.148.157
2 52.24.195.199
2 52.24.64.71
2 52.25.134.70
2 52.25.153.216
2 52.26.19.94
2 52.29.236.93
2 52.30.137.181
2 52.30.61.167
2 52.30.66.234
2 52.31.147.200
2 52.31.231.133
2 52.32.184.241
2 52.32.94.42
2 52.33.221.166
2 52.34.134.7
2 52.34.245.247
2 52.34.31.49
2 52.34.80.188
2 52.4.38.108
2 52.48.113.191
2 52.48.66.87
2 52.53.224.205
2 52.5.84.113
2 52.64.141.146
2 52.64.161.95
2 52.64.179.30
2 52.68.219.226
2 52.7.186.60
2 52.74.77.215
2 52.76.1.106
2 52.76.126.29
2 52.76.72.169
2 52.77.209.250
2 52.77.218.217
2 52.77.246.9
2 52.8.138.177
2 52.88.32.82
2 52.89.120.231
2 52.89.5.127
2 52.89.76.143
2 52.90.170.175
2 52.90.205.235
2 52.90.39.141
2 52.91.163.241
2 52.91.201.51
2 52.91.204.112
2 52.91.249.187
2 52.91.81.116
2 54.148.157.94
2 54.148.92.137
2 54.153.108.74
2 54.153.138.12
2 54.154.23.126
2 54.154.91.230
2 54.157.34.40
2 54.159.178.224
2 54.164.40.126
2 54.165.113.222
2 54.165.133.124
2 54.167.175.137
2 54.169.135.169
2 54.169.206.44
2 54.169.49.203
2 54.169.55.146
2 54.171.70.41
2 54.172.85.174
2 54.174.132.130
2 54.174.90.2
2 54.175.6.248
2 54.183.253.186
2 54.186.66.5
2 54.188.133.22
2 54.190.209.200
2 54.201.252.163
2 54.206.199.70
2 54.206.4.216
2 54.206.6.230
2 54.211.8.13
2 54.213.121.73
2 54.218.32.182
2 54.218.83.212
2 54.233.96.69
2 54.64.129.112
2 54.65.224.194
2 54.67.16.53
2 54.68.228.205
2 54.69.100.247
2 54.75.235.160
2 54.76.216.196
2 54.77.224.137
2 54.79.127.195
2 54.79.255.214
2 54.83.47.104
2 54.84.193.128
2 54.84.6.220
2 54.86.99.28
2 54.88.52.160
2 54.88.59.40
2 54.92.76.208
2 69.195.45.213
2 77.215.249.61
2 84.200.44.76
2 84.38.67.58
2 88.198.19.81
2 92.62.228.79
2 95.43.237.110
3 103.22.201.206
3 103.23.22.236
3 103.31.5.55
3 104.155.11.112
3 104.155.239.229
3 104.155.62.182
3 104.155.64.1
3 104.155.70.56
3 104.196.1.118
3 104.196.15.34
3 104.197.103.85
3 104.197.115.168
3 104.197.132.158
3 104.197.218.190
3 104.41.158.135
3 107.178.222.134
3 107.22.214.218
3 108.162.222.47
3 108.61.170.85
3 108.61.195.182
3 123.30.153.88
3 130.211.163.190
3 130.211.189.203
3 130.211.61.89
3 130.211.82.2
3 138.91.165.206
3 144.76.17.47
3 146.148.114.1
3 149.210.223.188
3 157.7.109.39
3 178.254.25.96
3 191.233.41.142
3 191.235.139.249
3 191.237.76.209
3 204.10.160.13
3 212.192.197.25
3 212.71.253.227
3 23.23.28.117
3 23.97.218.46
3 23.99.204.65
3 40.113.22.46
3 40.115.38.206
3 40.127.168.196
3 40.83.182.112
3 40.83.191.34
3 45.35.73.105
3 50.112.161.11
3 50.116.60.143
3 52.0.37.204
3 52.1.0.139
3 52.10.218.169
3 52.11.148.213
3 52.11.152.168
3 52.11.58.188
3 52.1.230.122
3 52.16.134.46
3 52.16.204.52
3 52.17.247.155
3 52.17.4.120
3 52.17.54.168
3 52.17.60.132
3 52.17.82.70
3 52.18.63.17
3 52.18.99.169
3 52.192.141.53
3 52.192.209.16
3 52.19.63.115
3 52.20.0.118
3 52.20.100.245
3 52.20.172.16
3 52.20.73.100
3 52.2.159.197
3 52.23.155.224
3 52.23.163.75
3 52.23.166.190
3 52.23.219.247
3 52.23.254.240
3 52.23.74.23
3 52.23.96.129
3 52.24.21.193
3 52.24.217.151
3 52.24.74.169
3 52.25.143.45
3 52.25.226.216
3 52.25.52.245
3 52.26.7.244
3 52.29.11.244
3 52.29.85.134
3 52.3.104.86
3 52.31.193.138
3 52.31.46.227
3 52.3.192.183
3 52.32.108.227
3 52.32.242.127
3 52.33.204.234
3 52.33.40.209
3 52.33.61.86
3 52.34.141.255
3 52.35.49.220
3 52.4.71.204
3 52.48.106.229
3 52.48.51.109
3 52.5.165.18
3 52.62.106.209
3 52.6.218.143
3 52.62.21.228
3 52.64.135.3
3 52.64.7.145
3 52.64.80.99
3 52.68.123.185
3 52.68.27.161
3 52.68.65.73
3 52.70.14.31
3 52.70.173.194
3 52.71.210.6
3 52.71.21.84
3 52.71.58.221
3 52.7.168.71
3 52.74.0.85
3 52.74.18.203
3 52.76.124.110
3 52.76.141.161
3 52.76.34.25
3 52.76.68.48
3 52.77.251.55
3 52.88.140.219
3 52.88.175.2
3 52.88.225.224
3 52.88.68.12
3 52.8.95.145
3 52.90.228.155
3 52.90.81.173
3 52.91.17.233
3 52.9.43.62
3 52.9.7.33
3 54.149.104.29
3 54.149.178.106
3 54.152.100.83
3 54.152.11.252
3 54.152.245.171
3 54.154.105.229
3 54.154.243.181
3 54.155.66.164
3 54.161.219.128
3 54.163.171.237
3 54.169.253.227
3 54.171.6.68
3 54.172.155.103
3 54.173.134.190
3 54.173.153.189
3 54.173.248.170
3 54.174.104.198
3 54.174.113.183
3 54.175.108.234
3 54.175.187.139
3 54.183.184.18
3 54.186.67.75
3 54.187.197.127
3 54.187.60.70
3 54.191.55.151
3 54.193.43.167
3 54.194.114.129
3 54.194.137.249
3 54.201.20.245
3 54.201.253.17
3 54.206.108.26
3 54.206.72.46
3 54.209.254.202
3 54.210.10.135
3 54.213.141.176
3 54.213.194.30
3 54.221.227.48
3 54.241.11.78
3 54.253.249.88
3 54.65.179.52
3 54.67.67.247
3 54.68.4.127
3 54.69.159.252
3 54.69.61.209
3 54.69.77.67
3 54.76.45.121
3 54.77.14.141
3 54.85.176.194
3 54.94.134.43
3 54.94.159.119
3 54.94.179.141
3 54.94.215.130
3 64.34.252.251
3 78.71.102.210
4 104.154.60.98
4 104.155.238.234
4 104.155.52.105
4 104.155.59.215
4 104.155.63.69
4 104.155.85.202
4 104.196.1.185
4 104.197.13.65
4 104.197.21.40
4 107.167.183.36
4 108.162.222.32
4 130.211.148.133
4 130.211.187.37
4 130.211.93.0
4 13.69.146.220
4 138.91.25.134
4 146.148.123.55
4 146.148.28.132
4 146.148.43.158
4 146.148.69.64
4 146.148.82.87
4 159.203.32.70
4 162.158.176.215
4 178.210.68.177
4 188.114.114.210
4 207.46.141.177
4 23.21.58.215
4 23.251.150.149
4 40.114.52.20
4 40.118.211.124
4 40.127.100.87
4 40.78.28.52
4 40.84.156.9
4 40.84.188.83
4 45.79.191.34
4 46.51.185.146
4 50.18.206.161
4 50.2.188.66
4 52.0.71.53
4 52.10.16.11
4 52.10.173.74
4 52.10.72.27
4 52.11.137.5
4 52.11.213.48
4 52.1.133.168
4 52.18.188.206
4 52.18.35.165
4 52.1.89.213
4 52.18.97.211
4 52.192.209.242
4 52.20.136.206
4 52.20.198.247
4 52.20.250.221
4 52.20.97.71
4 52.23.101.174
4 52.23.187.114
4 52.24.48.164
4 52.25.219.78
4 52.25.67.230
4 52.26.146.186
4 52.26.39.117
4 52.26.47.243
4 52.27.0.5
4 52.27.116.91
4 52.27.135.56
4 52.27.88.240
4 52.30.116.44
4 52.30.1.68
4 52.31.177.58
4 52.32.237.201
4 52.33.209.81
4 52.33.63.195
4 52.34.0.137
4 52.34.103.214
4 52.34.138.203
4 52.35.190.0
4 52.35.46.158
4 52.35.46.42
4 52.35.86.207
4 52.5.107.172
4 52.5.189.53
4 52.62.199.88
4 52.64.59.221
4 52.69.201.162
4 52.69.243.93
4 52.70.224.115
4 52.71.128.94
4 52.71.134.174
4 52.7.144.168
4 52.71.66.213
4 52.74.89.86
4 52.76.182.138
4 52.76.45.246
4 52.77.213.89
4 52.79.45.51
4 52.8.146.48
4 52.88.114.223
4 52.88.169.143
4 52.88.37.228
4 52.88.55.244
4 52.89.4.24
4 52.90.97.51
4 52.91.119.42
4 52.91.37.92
4 54.145.252.156
4 54.148.15.229
4 54.148.210.60
4 54.149.179.164
4 54.152.153.236
4 54.161.251.202
4 54.164.121.32
4 54.164.47.242
4 54.169.178.55
4 54.169.185.29
4 54.169.209.178
4 54.169.50.38
4 54.169.87.37
4 54.171.90.15
4 54.173.187.131
4 54.174.198.185
4 54.174.70.167
4 54.175.158.189
4 54.179.72.35
4 54.183.217.187
4 54.183.233.53
4 54.186.140.27
4 54.188.50.248
4 54.194.246.47
4 54.196.187.15
4 54.196.67.137
4 54.201.121.25
4 54.207.22.145
4 54.209.183.47
4 54.213.197.82
4 54.213.241.34
4 54.218.67.223
4 54.229.34.113
4 54.238.234.90
4 54.252.198.113
4 54.253.206.233
4 54.255.181.89
4 54.66.148.144
4 54.66.201.114
4 54.68.139.89
4 54.68.213.235
4 54.72.53.143
4 54.84.170.6
4 54.84.92.83
4 54.86.10.9
4 54.86.93.220
4 84.127.56.100
5 104.155.204.166
5 104.155.205.34
5 104.155.230.85
5 104.155.32.194
5 104.155.38.99
5 104.155.47.95
5 104.155.7.36
5 104.196.2.167
5 104.196.29.67
5 104.197.28.193
5 104.197.30.7
5 104.197.46.28
5 104.197.86.11
5 104.197.9.65
5 104.199.129.56
5 104.199.135.203
5 104.214.39.101
5 104.43.166.217
5 104.47.145.209
5 107.167.190.161
5 130.211.114.232
5 130.211.153.58
5 130.211.162.19
5 130.211.168.194
5 130.211.242.4
5 130.211.248.84
5 130.211.56.203
5 130.211.83.149
5 137.117.170.44
5 138.91.59.230
5 146.148.69.156
5 146.193.41.139
5 157.7.53.118
5 162.158.176.209
5 168.63.101.115
5 173.255.116.171
5 191.236.58.209
5 207.46.140.29
5 23.101.185.137
5 23.251.135.48
5 23.97.141.197
5 23.97.181.198
5 23.99.108.156
5 40.127.88.51
5 40.76.60.3
5 40.83.184.22
5 40.85.88.48
5 52.0.201.147
5 52.10.135.191
5 52.10.57.67
5 52.11.185.26
5 52.1.121.174
5 52.11.245.131
5 52.11.43.172
5 52.11.58.69
5 52.16.136.77
5 52.16.19.129
5 52.16.20.137
5 52.17.251.147
5 52.19.110.125
5 52.19.188.243
5 52.19.209.238
5 52.192.156.122
5 52.193.14.226
5 52.20.47.193
5 52.21.117.43
5 52.21.157.60
5 52.22.127.29
5 52.22.240.141
5 52.23.152.76
5 52.23.167.213
5 52.23.202.204
5 52.23.241.213
5 52.24.101.115
5 52.24.202.74
5 52.24.9.154
5 52.26.140.247
5 52.26.15.41
5 52.26.173.16
5 52.26.198.164
5 52.26.25.99
5 52.26.95.172
5 52.27.118.107
5 52.28.20.194
5 52.30.198.88
5 52.30.51.54
5 52.3.114.111
5 52.32.196.134
5 52.33.42.23
5 52.34.126.100
5 52.34.61.48
5 52.4.110.51
5 52.4.250.195
5 52.5.152.230
5 52.5.153.5
5 52.53.209.18
5 52.62.161.245
5 52.6.255.216
5 52.64.25.134
5 52.68.34.181
5 52.69.108.196
5 52.70.211.17
5 52.7.84.131
5 52.8.14.162
5 52.8.14.66
5 52.88.185.89
5 52.88.234.46
5 52.88.38.177
5 52.88.99.137
5 52.90.105.78
5 52.90.174.151
5 52.90.196.53
5 52.90.251.95
5 52.91.174.50
5 52.91.179.134
5 52.91.199.236
5 52.91.44.146
5 52.91.97.28
5 52.9.71.92
5 54.144.200.221
5 54.149.118.36
5 54.152.106.200
5 54.153.46.221
5 54.154.95.155
5 54.157.193.201
5 54.164.117.92
5 54.164.99.114
5 54.165.209.3
5 54.169.247.155
5 54.169.251.6
5 54.171.160.46
5 54.172.119.179
5 54.172.155.11
5 54.174.207.188
5 54.175.180.234
5 54.175.241.39
5 54.177.16.123
5 54.186.133.161
5 54.193.102.214
5 54.200.163.27
5 54.205.149.14
5 54.210.27.5
5 54.213.104.219
5 54.213.58.189
5 54.213.96.97
5 54.218.21.67
5 54.219.34.211
5 54.233.118.0
5 54.233.73.175
5 54.254.201.163
5 54.64.188.254
5 54.65.79.127
5 54.67.24.151
5 54.68.208.239
5 54.72.190.216
5 54.84.152.40
5 54.84.92.101
5 54.86.135.20
5 54.86.20.159
5 54.87.19.113
5 54.94.248.243
5 60.245.30.41
5 65.52.227.204
5 92.243.8.13
5 94.23.189.132
6 104.154.53.163
6 104.154.56.246
6 104.154.83.39
6 104.155.194.175
6 104.155.34.88
6 104.155.58.143
6 104.155.69.20
6 104.155.97.135
6 104.196.14.63
6 104.197.111.70
6 104.197.212.90
6 104.199.131.184
6 104.215.199.65
6 104.40.29.6
6 104.40.80.87
6 104.41.207.201
6 108.61.198.199
6 130.211.145.195
6 130.211.174.33
6 130.211.54.192
6 146.148.118.237
6 146.148.77.99
6 168.62.233.33
6 190.34.179.53
6 191.239.218.221
6 207.46.145.91
6 23.236.59.146
6 40.115.50.47
6 40.117.235.108
6 40.122.200.253
6 50.16.35.149
6 52.10.117.83
6 52.10.244.211
6 52.11.171.201
6 52.19.171.169
6 52.19.213.90
6 52.20.143.77
6 52.20.52.201
6 52.2.145.238
6 52.22.70.181
6 52.23.185.177
6 52.23.241.70
6 52.25.122.200
6 52.25.7.93
6 52.26.181.95
6 52.26.19.12
6 52.26.96.226
6 52.27.155.115
6 52.27.193.247
6 52.29.153.74
6 52.29.182.251
6 52.29.250.103
6 52.29.28.138
6 52.32.115.29
6 52.32.151.201
6 52.32.26.6
6 52.3.254.173
6 52.34.125.23
6 52.34.209.44
6 52.35.92.9
6 52.6.170.220
6 52.62.110.120
6 52.62.177.250
6 52.64.248.123
6 52.68.206.255
6 52.6.91.163
6 52.69.195.152
6 52.72.12.127
6 52.72.4.130
6 52.74.240.192
6 52.76.198.41
6 52.8.221.175
6 52.8.46.171
6 52.8.46.81
6 52.88.179.55
6 52.88.60.237
6 52.8.97.72
6 52.90.108.40
6 52.90.112.250
6 52.90.232.246
6 52.91.142.12
6 52.91.207.20
6 52.91.251.105
6 52.91.78.60
6 54.152.62.46
6 54.153.166.35
6 54.154.100.207
6 54.165.115.160
6 54.165.157.252
6 54.171.11.49
6 54.172.208.190
6 54.173.50.71
6 54.186.121.222
6 54.187.66.148
6 54.191.211.70
6 54.191.79.252
6 54.200.135.73
6 54.200.148.242
6 54.206.20.203
6 54.210.181.8
6 54.211.171.120
6 54.213.222.16
6 54.251.155.126
6 54.67.40.73
6 54.69.57.67
6 54.77.227.68
6 54.82.56.221
6 54.83.204.79
6 54.83.3.161
6 54.83.53.205
6 54.83.60.134
6 54.84.36.124
6 54.86.11.105
6 54.88.166.27
6 54.93.61.158
6 8.35.193.39
6 84.104.69.35
7 104.155.12.241
7 104.155.59.253
7 104.155.66.2
7 104.197.125.175
7 104.197.82.255
7 104.197.95.168
7 104.211.36.38
7 104.215.94.213
7 104.40.92.10
7 108.59.85.145
7 130.211.117.178
7 138.91.190.38
7 146.148.21.192
7 149.202.61.30
7 173.255.118.227
7 23.236.49.187
7 23.251.136.2
7 23.251.159.51
7 23.97.59.33
7 23.99.119.199
7 40.117.42.240
7 40.74.61.26
7 40.76.214.57
7 45.32.243.233
7 50.16.56.125
7 52.0.157.26
7 52.10.19.81
7 52.10.215.155
7 52.10.73.10
7 52.11.213.199
7 52.16.227.14
7 52.18.72.156
7 52.22.246.203
7 52.23.154.170
7 52.23.219.30
7 52.24.108.31
7 52.25.168.45
7 52.25.221.212
7 52.26.13.119
7 52.26.15.57
7 52.28.95.14
7 52.30.61.35
7 52.32.222.52
7 52.32.227.21
7 52.33.27.249
7 52.34.137.150
7 52.34.48.155
7 52.5.167.157
7 52.6.184.13
7 52.62.85.201
7 52.64.32.172
7 52.7.138.234
7 52.71.63.12
7 52.71.74.0
7 52.8.11.200
7 52.88.111.18
7 52.88.164.116
7 52.88.29.92
7 52.88.71.11
7 52.90.106.188
7 52.90.137.189
7 52.90.184.31
7 52.90.42.11
7 52.91.234.137
7 52.91.36.45
7 52.91.65.182
7 54.148.14.94
7 54.152.129.11
7 54.153.30.130
7 54.158.166.141
7 54.165.220.156
7 54.175.243.154
7 54.186.63.0
7 54.191.69.249
7 54.194.96.210
7 54.200.218.76
7 54.200.89.16
7 54.201.0.47
7 54.201.166.237
7 54.208.4.193
7 54.213.133.15
7 54.252.105.211
7 54.64.229.13
7 54.65.201.65
7 54.72.115.116
7 54.85.14.190
7 54.86.102.25
7 54.88.143.243
7 54.88.6.152
8 104.145.234.145
8 104.154.51.67
8 104.154.64.14
8 104.154.95.128
8 104.197.137.252
8 104.199.130.252
8 104.208.244.167
8 104.47.136.164
8 130.211.139.85
8 137.135.104.55
8 146.148.113.119
8 168.61.91.85
8 174.129.200.178
8 191.235.220.75
8 23.251.140.164
8 40.117.230.87
8 40.118.210.80
8 50.116.25.213
8 52.10.235.51
8 52.11.149.13
8 52.11.86.183
8 52.1.86.244
8 52.19.212.156
8 52.21.119.1
8 52.24.245.71
8 52.24.28.111
8 52.27.118.224
8 52.28.159.63
8 52.29.69.161
8 52.34.141.88
8 52.34.84.59
8 52.4.23.66
8 52.4.242.157
8 52.48.33.222
8 52.64.102.10
8 52.64.4.76
8 52.69.78.48
8 52.7.190.104
8 52.8.172.193
8 52.8.201.95
8 52.88.225.136
8 52.91.41.153
8 54.163.85.249
8 54.172.99.180
8 54.173.189.179
8 54.175.75.84
8 54.175.86.69
8 54.183.131.78
8 54.188.240.4
8 54.191.59.73
8 54.201.143.151
8 54.208.100.77
8 54.211.29.119
8 54.68.201.101
8 54.68.7.216
8 54.94.215.70
9 104.154.45.34
9 104.155.229.246
9 104.155.42.20
9 104.155.64.133
9 104.41.161.169
9 108.162.208.165
9 109.74.13.177
9 111.221.91.19
9 137.116.154.213
9 138.91.146.252
9 168.63.140.40
9 168.63.36.129
9 191.239.211.163
9 23.99.119.67
9 40.74.136.247
9 45.32.235.45
9 46.137.152.139
9 52.16.185.93
9 52.17.142.33
9 52.192.33.116
9 52.28.102.133
9 52.33.201.27
9 52.48.52.117
9 52.59.245.43
Last edited by unSpawn; 01-28-2016 at 01:06 AM .
Reason: //vBB code tags, thanks for reporting!
01-27-2016, 07:09 AM
#2
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
Quote:
Originally Posted by
userhp
I hacked into the server IP
What does this mean exactly?
Were / Are you having issue reaching your server?
fail2ban out of the box, can alleviate the issue.
ssh protection is enabled by default upon installation
and enabling of the fail2ban service.
http://www.fail2ban.org/wiki/index.php/Main_Page
01-27-2016, 09:30 AM
#3
LQ Newbie
Registered: Oct 2015
Posts: 8
Original Poster
Rep:
Quote:
Originally Posted by
Habitual
What does this mean exactly?
Were / Are you having issue reaching your server?
fail2ban out of the box, can alleviate the issue.
ssh protection is enabled by default upon installation
and enabling of the fail2ban service.
http://www.fail2ban.org/wiki/index.php/Main_Page
it attacks the server, and the server dies, losing the whole connection, you have no way to solve it, and I'm using csf
01-27-2016, 11:06 AM
#4
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
Quote:
Originally Posted by
userhp
it attacks the server, and the server dies, losing the whole connection, you have no way to solve it, and I'm using csf
Is this a cPanel/WHM host?
01-28-2016, 01:17 AM
#5
Moderator
Registered: May 2001
Posts: 29,415
Quote:
Originally Posted by
userhp
it attacks the server, and the server dies, losing the whole connection, you have no way to solve it, and I'm using csf
Please limit crucial / admin services to your management IP (range) for the duration, limit imbound connections via iptables rules (or better: edge router), implement fail2ban (+
ipset ) as Habitual suggested and please detail what changes you made as you reported DDoS attacks against the server
way back in October of 2015 ?
01-28-2016, 09:25 AM
#6
LQ Newbie
Registered: Oct 2015
Posts: 8
Original Poster
Rep:
Quote:
Originally Posted by
Habitual
Is this a cPanel/WHM host?
yes , WHM , attack type: wordpress xmlrpc , help me fix
01-28-2016, 09:27 AM
#7
LQ Newbie
Registered: Oct 2015
Posts: 8
Original Poster
Rep:
Quote:
Originally Posted by
unSpawn
Please limit crucial / admin services to your management IP (range) for the duration, limit imbound connections via iptables rules (or better: edge router), implement fail2ban (+
ipset ) as Habitual suggested and please detail what changes you made as you reported DDoS attacks against the server
way back in October of 2015 ?
attack type: wordpress xmlrpc , help me fix
01-28-2016, 11:28 AM
#8
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
You can and should investigate csf/lfd on WHM/cPanel hosts.
Otherwise install fail2ban and use the following.
/etc/fail2ban/filter.d/xmlrpc.conf
Code:
[Definition]
docroot = /var/www/html
badadmin = xmlrpc.php
failregex = ^<HOST> .*"(POST|GET|HEAD) \/(?:(badadmin)s).*?"
ignoreregex =
[xmlrpc jail]
Code:
[xmlrpc]
enabled = true
port = http
filter = xmlrpc
action = iptables-allports[name=xmlrpc, port="http", protocol=tcp]
logpath = /var/log/apache2/access.log
backend = polling
findtime = 86400 ; 1 day
bantime = -1
maxretry = 1
http://codex.wordpress.org/Hardening_WordPress
01-28-2016, 10:11 PM
#9
Member
Registered: Dec 2015
Posts: 131
Rep:
Try putting it in panic mode then black list those ips.
firewall-cmd --panic-on
firewall-cmd --set-default-zone=public --permanent
firewall-cmd --list-all
Lastly change all passwords (strong password please)
Last edited by MrTux; 01-28-2016 at 10:14 PM .
Reason: error
01-29-2016, 09:40 AM
#10
LQ Newbie
Registered: Oct 2015
Posts: 8
Original Poster
Rep:
Quote:
Originally Posted by
Habitual
You can and should investigate csf/lfd on WHM/cPanel hosts.
Otherwise install fail2ban and use the following.
/etc/fail2ban/filter.d/xmlrpc.conf
Code:
[Definition]
docroot = /var/www/html
badadmin = xmlrpc.php
failregex = ^<HOST> .*"(POST|GET|HEAD) \/(?:(badadmin)s).*?"
ignoreregex =
[xmlrpc jail]
Code:
[xmlrpc]
enabled = true
port = http
filter = xmlrpc
action = iptables-allports[name=xmlrpc, port="http", protocol=tcp]
logpath = /var/log/apache2/access.log
backend = polling
findtime = 86400 ; 1 day
bantime = -1
maxretry = 1
http://codex.wordpress.org/Hardening_WordPress
I'm not really good with the server, let me ask, I installed csf + WHM, I can how to block attacks xmlrpc
Question 2: I installed fail2ban to affect the running web? and there is opposition between fail2ban and csf?
01-29-2016, 09:41 AM
#11
LQ Newbie
Registered: Oct 2015
Posts: 8
Original Poster
Rep:
Quote:
Originally Posted by
MrTux
Try putting it in panic mode then black list those ips.
firewall-cmd --panic-on
firewall-cmd --set-default-zone=public --permanent
firewall-cmd --list-all
Lastly change all passwords (strong password please)
I do not really get it, because I'm not fluent in the host, more detailed help me
01-29-2016, 09:44 AM
#12
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
Quote:
Originally Posted by
userhp
I'm not really good with the server, let me ask, I installed csf + WHM
You may wish to consider hiring a Linux Professional to implement fail2ban on your server.
Some folks using Wordpress just delete or rename the xmlrpc.php file, but this can break some trivial publishing
widgets.
You could also use this in an .htaccess file or the site.conf
Code:
<Files xmlrpc.php>
order deny,allow
deny from all
Allow from 127.0.0.1
</Files>
Restart apache2/httpd after you do, if you do.
Good Luck.
Last edited by Habitual; 01-29-2016 at 09:51 AM .
01-29-2016, 09:55 AM
#13
LQ Newbie
Registered: Oct 2015
Posts: 8
Original Poster
Rep:
Quote:
Originally Posted by
Habitual
You may wish to consider hiring a Linux Professional to implement fail2ban on your server.
Some folks using Wordpress just delete or rename the xmlrpc.php file, but this can break some trivial publishing
widgets.
You could also use this in an .htaccess file or the site.conf
Code:
<Files xmlrpc.php>
order deny,allow
deny from all
Allow from 127.0.0.1
</Files>
Restart apache2/httpd after you do, if you do.
Good Luck.
My problem is: I being attacked through holes xmlrpc, I how to prevent such attacks? Can I hire you to intervene and help me on the issue of security for my server?
Last edited by userhp; 01-29-2016 at 09:57 AM .
01-29-2016, 10:13 AM
#14
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
I've showed you at least 2 mechanisms for alleviating the issue.
You could hire me, but I am not for hire from the forum (It takes money out of Jeremy's pocket)
and you could not afford it.
Try
https://duckduckgo.com/?q=xmlrpc.php+attack+prevention
Sorry about that.
Last edited by Habitual; 01-29-2016 at 01:06 PM .
01-31-2016, 11:34 PM
#15
Member
Registered: Dec 2015
Posts: 131
Rep:
Quote:
Originally Posted by
userhp
I do not really get it, because I'm not fluent in the host, more detailed help me
That's exactly what you need to do using root but you need to have physical access to the server. as in panic mode only local access is allowed.
All times are GMT -5. The time now is 08:09 PM .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know .
Latest Threads
LQ News