Has my fedora 18 installation been hacked?

2013-03-15 Thread Georgios Petasis
Hi all, I have a small server that I have recently upgraded to fedora 18. After a while, I got notified by the provider that their firewall catches thousands of requests, with the following error message: *Source IP*: ellogon-SKEL *Source Port*: 35442 *Destination IP*: 216.82.176.7 *Destinati

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Ed Greshko
On 03/15/13 17:05, Georgios Petasis wrote: > Hi all, > > I have a small server that I have recently upgraded to fedora 18. After a > while, I got notified by > the provider that their firewall catches thousands of requests, with the > following error message: > > *Source IP*: ellogon-SKEL > *Sour

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Georgios Petasis
On 15/3/2013 11:46 AM, Ed Greshko wrote: On 03/15/13 17:05, Georgios Petasis wrote: Hi all, I have a small server that I have recently upgraded to fedora 18. After a while, I got notified by the provider that their firewall catches thousands of requests, with the following error messag

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Ed Greshko
On 03/15/13 17:46, Ed Greshko wrote: > Is the destination IP address a single IP address or are there others. > > Is your system running a DNS server? If you are running one, is it supposed > to be servicing requests from the Internet? If it is supposed to be taking > requests from the Internet

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Ed Greshko
On 03/15/13 17:55, Georgios Petasis wrote: > No, it is always the same IP. I don't know if a DNS server is running. How > can I check this? > > (There used to be a system-config-services, but I don't know if it exists > anymore, with this new "systemctl" stuff) Well, if you didn't install and

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Georgios Petasis
On 15/3/2013 11:57 AM, Ed Greshko wrote: On 03/15/13 17:46, Ed Greshko wrote: Is the destination IP address a single IP address or are there others. Is your system running a DNS server? If you are running one, is it supposed to be servicing requests from the Internet? If it is suppose

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread agraham
First, whois 216.82.176.7 216.82.176.7 belongs to a bank in the US https://www.53.com/ I don't know if it's a real bank or what? $ whois 216.82.176.7 The last part of your ISP's message is interesting because it says: "packet length 1400 bytes exceeds configured limit of 512 bytes" So somethin

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Georgios Petasis
I suspect that it is a joomla 1.5.26 exploit. I have found two php files in the tmp folder of one web site, and POSTs to them in the apache access log file. (I know this is an old version of joomla, and I have made the mistake to make the folders tmp, cache & log writable by the apache in selin

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread agraham
On 03/15/2013 11:16 AM, Georgios Petasis wrote: I suspect that it is a joomla 1.5.26 exploit. I have found two php files in the tmp folder of one web site, and POSTs to them in the apache access log file. (I know this is an old version of joomla, and I have made the mistake to make the folders tm

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Michael Schwendt
On Fri, 15 Mar 2013 11:53:12 +, agraham wrote: > On 03/15/2013 11:16 AM, Georgios Petasis wrote: > > I suspect that it is a joomla 1.5.26 exploit. I have found two php files > > in the tmp folder of one web site, > > and POSTs to them in the apache access log file. > > (I know this is an old v

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Reindl Harald
On 15.03.2013 12:16, Georgios Petasis wrote: > I suspect that it is a joomla 1.5.26 exploit. I have found two php files in > the tmp folder of one web site, > and POSTs to them in the apache access log file. > I know this is an old version of joomla this is the main problem what your machine

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Georgios Petasis
Dear Reindl, I am sorry if I gave a wrong impression, but I was referring to the tmp, cache and tmp folders inside the joomla installation, not the OS or apache ones. The whole apache document root is owned by root and has a read-only selinux policy (apache cannot write anything in there). The

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Mateusz Marzantowicz
On 15.03.2013 11:09, Georgios Petasis wrote: On 15/3/2013 11:57 AM, Ed Greshko wrote: On 03/15/13 17:46, Ed Greshko wrote: Is the destination IP address a single IP address or are there others. Is your system running a DNS server? If you are running one, is it supposed to be servi

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Reindl Harald
On 15.03.2013 13:56, Georgios Petasis wrote: > Dear Reindl, > > I am sorry if I gave a wrong impression, but I was referring to the tmp, > cache and tmp folders inside the joomla installation, not the OS or apache > ones i am too in your case this would even not had happened if it would hav

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Reindl Harald
On 15.03.2013 14:03, Mateusz Marzantowicz wrote: > On 15.03.2013 11:09, Georgios Petasis wrote: >> On 15/3/2013 11:57 AM, Ed Greshko wrote: >>> On 03/15/13 17:46, Ed Greshko wrote: Is the destination IP address a single IP address or are there others. Is your system ru

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Daniel J Walsh
On 03/15/2013 09:18 AM, Reindl Harald wrote: > > > On 15.03.2013 13:56, Georgios Petasis wrote: >> Dear Reindl, >> >> I am sorry if I gave a wrong impression, but I was referring to the tmp, >> cache and tmp folders inside the joomla installatio

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Richard Vickery
On Mar 15, 2013 2:05 AM, "Georgios Petasis" wrote: > > Hi all, > > I have a small server that I have recently upgraded to fedora 18. After a while, I got notified by > the provider that their firewall catches thousands of requests, with the following error message: > > Source IP: ellogon-SKEL > So

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Reindl Harald
On 15.03.2013 16:25, Richard Vickery wrote: >> Is there anything else to do, than re-installing the machine? >> >> (Unfortunately, due to the huge load it creates to their firewall, they >> remove the network cord from the server, > so I have a few hours to debug this...) >> >> George >> >> --

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Greg Woods
On Fri, 2013-03-15 at 08:25 -0700, Richard Vickery wrote: > > It is not really my intent to be rude, but each of us "hack" our own > systems and the kernel all the time. Unfortunately, this battle over the word "hack" and "hacker" has already been fought and lost. The media, and just about every

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Joe Zeff
On 03/15/2013 02:05 AM, Georgios Petasis wrote: *Source IP*: ellogon-SKEL *Source Port*: 35442 *Destination IP*: 216.82.176.7 *Destination Port*: 53 *Description*: Dropped UDP DNS request from dmz:ellogon-SKEL/35442 to outside:216.82.176.7/53; packet length 1400 bytes exceeds configured limit of

Re: Has my fedora 18 installation been hacked?

2013-03-15 Thread Richard Vickery
On Mar 15, 2013 9:39 AM, "Greg Woods" wrote: > > On Fri, 2013-03-15 at 08:25 -0700, Richard Vickery wrote: > > > > It is not really my intent to be rude, but each of us "hack" our own > > systems and the kernel all the time. > > Unfortunately, this battle over the word "hack" and "hacker" has alr