Hi everyone, I have a server that for several days has been suffering outgoing attacks against other remote machines.
I run
Code:
netstat -tapn
on my server and I get a lot of IPs in Time Wait.
If anyone can enlighten me with a solution to add, or a way to prevent this, that would be great.
I should also mention that today I found a folder inside Joomla, modified a month ago, containing some rather odd files that appear to be for carrying out attacks against other remote machines.
In case it helps, I am attaching a log of my netstat in case anyone knows what I can do, please.
999.999.999.99 is my server's IP, modified.
Thanks.
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 1390/clamd
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 11433/spamd.pid
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1433/httpd
tcp 0 0 0.0.0.0:8880 0.0.0.0:* LISTEN 1509/sw-cp-server
tcp 0 0 999.999.999.999:53 0.0.0.0:* LISTEN 1963/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1963/named
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 2130/drwebd.real
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1963/named
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1433/httpd
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 1509/sw-cp-server
tcp 0 0 0.0.0.0:69 0.0.0.0:* LISTEN 1373/sshd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1859/mysqld
tcp 0 0 999.999.999.999:80 84.123.244.246:51110 TIME_WAIT -
tcp 0 0 999.999.999.999:80 81.32.187.10:62543 TIME_WAIT -
tcp 0 0 999.999.999.999:80 84.123.244.246:51146 TIME_WAIT -
tcp 0 0 999.999.999.999:80 81.32.187.10:62554 TIME_WAIT -
tcp 0 0 999.999.999.999:80 81.32.187.10:62545 TIME_WAIT -
tcp 0 0 999.999.999.999:80 81.32.187.10:62544 TIME_WAIT -
tcp 0 0 999.999.999.999:80 94.228.34.207:57926 TIME_WAIT -
tcp 0 0 999.999.999.999:80 81.32.187.10:62553 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47547 TIME_WAIT -
tcp 0 0 999.999.999.999:80 94.228.34.207:51983 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:41660 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47563 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47533 TIME_WAIT -
tcp 0 0 999.999.999.999:80 84.123.244.246:51123 TIME_WAIT -
tcp 0 0 999.999.999.999:80 180.76.6.29:7228 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:41300 TIME_WAIT -
tcp 0 0 999.999.999.999:80 81.32.187.10:62547 TIME_WAIT -
tcp 0 0 999.999.999.999:80 74.82.64.17:54817 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47528 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:42198 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47529 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47543 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47534 TIME_WAIT -
tcp 0 0 999.999.999.999:80 81.32.187.10:62555 TIME_WAIT -
tcp 0 0 999.999.999.999:80 81.32.187.10:62556 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:41754 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:41376 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47541 TIME_WAIT -
tcp 0 0 999.999.999.999:80 81.32.187.10:62546 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47549 TIME_WAIT -
tcp 0 0 999.999.999.999:80 94.228.34.207:58272 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47539 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47544 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47540 TIME_WAIT -
tcp 0 0 999.999.999.999:80 81.32.187.10:62542 TIME_WAIT -
tcp 0 0 999.999.999.999:80 37.58.100.175:46471 TIME_WAIT -
tcp 0 0 999.999.999.999:80 84.123.244.246:51133 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47526 TIME_WAIT -
tcp 0 0 999.999.999.999:80 94.228.34.207:60858 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47546 TIME_WAIT -
tcp 0 0 999.999.999.999:80 81.32.187.10:62552 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:41833 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:41934 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47527 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47537 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47536 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:41472 TIME_WAIT -
tcp 0 4896 999.999.999.999:69 185.63.207.106:49628 ESTABLISHED 13398/sshd
tcp 0 0 999.999.999.999:80 66.249.78.194:53085 TIME_WAIT -
tcp 0 0 999.999.999.999:80 84.123.244.246:51156 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47530 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47531 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47538 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47545 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47542 TIME_WAIT -
tcp 0 0 999.999.999.999:80 80.29.10.48:47535 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:42015 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:42093 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:41573 TIME_WAIT -
tcp 0 0 :::110 :::* LISTEN 1449/couriertcpd
tcp 0 0 :::143 :::* LISTEN 1432/couriertcpd
tcp 0 0 :::8880 :::* LISTEN 1509/sw-cp-server
tcp 0 0 :::53 :::* LISTEN 1963/named
tcp 0 0 :::21 :::* LISTEN 1381/xinetd
tcp 0 0 :::8443 :::* LISTEN 1509/sw-cp-server
tcp 0 0 :::993 :::* LISTEN 1441/couriertcpd
tcp 0 0 :::995 :::* LISTEN 1458/couriertcpd
tcp 0 0 :::69 :::* LISTEN 1373/sshd
tcp 0 0 :::106 :::* LISTEN 1381/xinetd
[root@server httpdocs]# netstat -tapn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 1390/clamd
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 11433/spamd.pid
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1433/httpd
tcp 0 0 0.0.0.0:8880 0.0.0.0:* LISTEN 1509/sw-cp-server
tcp 0 0 999.999.999.999:53 0.0.0.0:* LISTEN 1963/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1963/named
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 2130/drwebd.real
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1963/named
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1433/httpd
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 1509/sw-cp-server
tcp 0 0 0.0.0.0:69 0.0.0.0:* LISTEN 1373/sshd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1859/mysqld
tcp 0 0 999.999.999.999:21 83.63.207.186:50682 ESTABLISHED 3158/proftpd: last
tcp 0 0 999.999.999.999:80 162.243.126.63:44101 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3935 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3842 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3856 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:43923 TIME_WAIT -
tcp 0 0 999.999.999.999:80 183.60.214.47:58859 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3968 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3898 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3836 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3841 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3972 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:44469 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3868 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:44194 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3966 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3974 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3929 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3838 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3894 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3976 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3980 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:44547 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:44645 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3960 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:44019 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3854 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:44824 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:44372 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3896 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3890 TIME_WAIT -
tcp 0 0 999.999.999.999:80 180.76.5.145:46821 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:44292 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:44740 TIME_WAIT -
tcp 0 4800 999.999.999.999:69 483.633.207.186:49628 ESTABLISHED 13398/sshd
tcp 0 0 999.999.999.999:80 181.142.142.42:3970 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3853 TIME_WAIT -
tcp 0 0 999.999.999.999:80 181.142.142.42:3892 TIME_WAIT -
tcp 0 0 :::110 :::* LISTEN 1449/couriertcpd
tcp 0 0 :::143 :::* LISTEN 1432/couriertcpd
tcp 0 0 :::8880 :::* LISTEN 1509/sw-cp-server
tcp 0 0 :::53 :::* LISTEN 1963/named
tcp 0 0 :::21 :::* LISTEN 1381/xinetd
tcp 0 0 :::8443 :::* LISTEN 1509/sw-cp-server
tcp 0 0 :::993 :::* LISTEN 1441/couriertcpd
tcp 0 0 :::995 :::* LISTEN 1458/couriertcpd
tcp 0 0 :::69 :::* LISTEN 1373/sshd
tcp 0 0 :::106 :::* LISTEN 1381/xinetd
[root@server httpdocs]#
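Added example (not part of the original post): a way to triage `netstat -tapn` output by separating connections that arrive at a local listening port from connections the host itself opened, which is the distinction that matters when outbound abuse is suspected. The sample rows, addresses, PIDs and program names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in `netstat -tapn` layout (not the poster's log); all
# addresses are documentation ranges and the PIDs/program names are made up.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1433/httpd
tcp 0 0 :::21 :::* LISTEN 1381/xinetd
tcp 0 0 192.0.2.10:80 198.51.100.7:51110 TIME_WAIT -
tcp 0 0 192.0.2.10:80 198.51.100.7:51146 TIME_WAIT -
tcp 0 0 192.0.2.10:80 203.0.113.5:41660 TIME_WAIT -
tcp 0 0 192.0.2.10:21 203.0.113.9:50682 ESTABLISHED 3158/proftpd: last
tcp 0 0 192.0.2.10:45122 203.0.113.80:80 ESTABLISHED 20311/perl
tcp 0 0 192.0.2.10:45123 203.0.113.81:80 SYN_SENT 20311/perl
"""

def port_of(addr):
    # Works for '1.2.3.4:80' and netstat's IPv6 form ':::80' alike.
    return addr.rpartition(":")[2]

def classify(netstat_text):
    """Split TCP rows into inbound (to a local LISTEN port) and outbound."""
    rows = [line.split(None, 6) for line in netstat_text.splitlines()]
    rows = [r for r in rows if len(r) >= 6 and r[0].startswith("tcp")]
    listening = {port_of(r[3]) for r in rows if r[5] == "LISTEN"}
    inbound, outbound = Counter(), []
    for r in rows:
        local, remote, state = r[3], r[4], r[5]
        if state == "LISTEN":
            continue
        prog = r[6] if len(r) > 6 else "-"  # column is absent without -p
        if port_of(local) in listening:
            # A remote client connected to one of this host's services.
            inbound[(port_of(local), state)] += 1
        else:
            # Local side is not a service port: this host opened the connection.
            outbound.append((remote.rpartition(":")[0], port_of(remote), state, prog))
    return inbound, outbound

if __name__ == "__main__":
    import sys
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    inbound, outbound = classify(text)
    for (port, state), n in sorted(inbound.items()):
        print(f"inbound  local port {port:>5} {state:<12} x{n}")
    for host, port, state, prog in outbound:
        print(f"OUTBOUND {host}:{port} {state} by {prog}")
```

In the two captures above, every row that is not a listener has local port 80, 69 or 21, so this summary would count all of them as inbound. netstat prints `-` as the program for TIME_WAIT sockets, so an outbound row in that state cannot be attributed to a process from this output alone.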