RE: Is it hack? How to prevent!

2006-02-25 Thread fbsd_user 
What this means is you have no firewall blocking
the port numbers those services use.

Or you really do have mysql, and SSH installed and people are
trying to remotely login and your box is doing its job of
denying the unauthorized login attempt.

But my money is on the firewall.
You have none or it's rules are not correct.

Read the firewall section of the FreeBSD handbook and
use the ipfilter example rule set.

As an after though, 4.8 is an unsupported system
and 6.0 is the current production version.
Time to upgrade by installing from scratch 6.0.

Give the Install Guide at www.a1poweruser.com a look.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of The Happy
Sent: Saturday, February 25, 2006 10:46 AM
To: freebsd-questions@freebsd.org
Subject: Is it hack? How to prevent!


Hello everyone,

I'm on freebsd 4.8R acting as a webserver and email server, I keep
getting
In my /var/log/messages a strange 3 type of messages,

1)
   mysqld[8541]: error: /etc/hosts.allow, line 212: twist option in
resident
process
   last message repeated 73 times

2)
  inetd[50977]: warning: /etc/hosts.allow, line 25: host name/address
mismatch: 208.34.235.251 !=
  mail.nrms.org

3)
  sshd[40712]: warning: /etc/hosts.allow, line 25: can't verify
hostname:
getaddrinfo(na-163-
  219.na.avantel.net.mx, AF_INET) failed
  (I keep getting differnt host everytime)

  about messages 2 and 3 i think its some hacks attempts How i can
preven
this type of
  access? unmatched IPs?

  what about messages number 1? what doest mean is it hack attempt?

  My logs are full of these messages, please help
  Note line 25 in /etc/hosts.allow is ALL : .temma.net : deny and has
nothing to do with these logs
  its just the first rule in the file.

  Thank you in advance.

  Marwan

_
Express yourself instantly with MSN Messenger! Download today it's
FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Is it hack? How to prevent!

2006-02-25 Thread The Happy 

Hello everyone,

   I'm on freebsd 4.8R acting as a webserver and email server, I keep 
getting

   In my /var/log/messages a strange 3 type of messages,

1)
  mysqld[8541]: error: /etc/hosts.allow, line 212: twist option in resident 
process

  last message repeated 73 times

2)
 inetd[50977]: warning: /etc/hosts.allow, line 25: host name/address 
mismatch: 208.34.235.251 !=

 mail.nrms.org

3)
 sshd[40712]: warning: /etc/hosts.allow, line 25: can't verify hostname: 
getaddrinfo(na-163-

 219.na.avantel.net.mx, AF_INET) failed
 (I keep getting differnt host everytime)

 about messages 2 and 3 i think its some hacks attempts How i can preven 
this type of

 access? unmatched IPs?

 what about messages number 1? what doest mean is it hack attempt?

 My logs are full of these messages, please help
 Note line 25 in /etc/hosts.allow is ALL : .temma.net : deny and has 
nothing to do with these logs

 its just the first rule in the file.

 Thank you in advance.

 Marwan

_
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"