It's hacking and most probably it's a kidnapped address. That means, if you block at firewall level those addresses, most probably other will appear. My server is under the same kind of attack and I got tired of adding addresses to my firewall blacklist.
That attack came in my case, after I left my mail server with no autentication and some spammers used it during a weekend to do their job. After that, came sequences of attacks, usually from three different addresses, trying to send spam through my server. Of course I blocked my mail server, but after a few days, they began trying to access my HTTP proxy server, then I had to block HTTP proxy access for outside computers. I strongly suggest you to check your console to monitor those hackers/spammers and then once you check out what they are trying to do, use the Sambar security settings to filter them out. They will keep trying to access, but at least you will know that they are being kept outside. Finally, if you are not using a firewall, it's time to start using it. I suggest you ZoneAlarm. It's very easy to set up and it's cheap. That's specially true if you are using Win98 as your OS. Best regards, Chi Omega wrote: > Okay some guy or something is doing something to my server. > > This is not normal for my computer because not many people visit it. > > And almost all the connections is SOCKS-proxy, and they all come from > > the same 3 ip > > 4am 0.05% 9 > 5am 11.21% 2029 > 6am 13.47% 2438 > 7am 12.81% 2318 > 8am 8.87% 1605 > 9am 5.92% 1071 > 10am 3.00% 543 > 11am 2.51% 454 > 12noon 5.96% 1078 > 1pm 7.35% 1330 > 2pm 4.02% 727 > 3pm 2.29% 415 > 4pm 1.45% 262 > 5pm 1.31% 237 > 6pm 1.64% 296 > 7pm 4.08% 739 > 8pm 4.80% 868 > 9pm 8.13% 1472 > 10pm 1.14% 206 > 11pm 0.00% 0 > > In the sock.log file there is these line over and over again > > [2002-07-04 22:07:22] SOCKS Proxy [130.94.243.68]: TCP Connection failed: > 199.104.79.225:25 for user > [2002-07-04 22:07:41] SOCKS Proxy [130.94.243.88]: TCP Connection failed: > 64.225.154.175:25 for user > [2002-07-04 22:07:57] SOCKS Proxy [130.94.243.68]: TCP Connection failed: > 209.1.144.192:25 for user > [2002-07-04 22:08:21] SOCKS Proxy [130.94.243.68]: TCP Connection failed: > 209.1.144.192:25 for user > [2002-07-04 22:08:29] SOCKS Proxy [130.94.243.88]: TCP Connection failed: > 66.150.5.36:25 for user > [2002-07-04 22:08:46] SOCKS Proxy [130.94.243.68]: TCP Connection failed: > 209.1.144.192:25 for user > [2002-07-04 22:08:53] SOCKS Proxy [130.94.243.88]: TCP Connection failed: > 66.150.5.36:25 for user > [2002-07-04 22:08:57] SOCKS Proxy [130.94.243.84]: TCP Connection failed: > 65.54.232.7:25 for user > [2002-07-04 22:08:58] SOCKS Proxy [130.94.243.88]: TCP Connection failed: > 208.254.129.3:25 for user > [2002-07-04 22:09:14] SOCKS Proxy [130.94.243.34]: TCP Connection failed: > 192.168.1.1:25 for user > [2002-07-04 22:09:22] SOCKS Proxy [130.94.243.68]: TCP Connection failed: > 66.51.203.11:25 for user > [2002-07-04 22:09:37] SOCKS Proxy [130.94.243.34]: TCP Connection failed: > 192.168.1.1:25 for user > [2002-07-04 22:09:38] SOCKS Proxy [130.94.243.88]: TCP Connection failed: > 64.225.154.175:25 for user > [2002-07-04 22:09:47] SOCKS Proxy [130.94.243.68]: TCP Connection failed: > 66.51.203.11:25 for user > > And just today the log file already fills 124 pages. > > Is it something to worry about, if so what can I do to get the user to stop? > ------------------------------------------------------- > To unsubscribe please go to http://www.sambar.ch/list/ -- Arturo Rodr�guez Mutis Director de Inform�tica Melexa Ltda. PBX (571) 360 3055 mailto:[EMAIL PROTECTED] FAX (571) 360 2562 http://www.melexa.com Cll 10 # 29 - 31 Bogot�, Colombia ------------------------------------------------------- To unsubscribe please go to http://www.sambar.ch/list/
