Sometimes You have to obtain via command line on a list of IP addresses and you need to be sure it will not contain any IP addresses assigned to the machine You’re working on – especially, when You’re planning to use this list during automated modification of firewall rules.
Seeing requests to //tmp/wegh.php in Apache logs is probably not a good sign. Few days ago I wrote about how important paranoid firewall-output filtering is on a shared hosting server, today I’ll take a closer look on the next Joomla hack found active today. This time the “hacker” tried to attack the IP addresses 161.113.4.6 Read the full article…
Today the CSF firewall on one of our servers controlled by DirectAdmin started showing blocked outgoing UDP connections to 216.82.176.7 on ports 25, 80 and 443. kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=X.X.X.X \ DST=216.82.176.7 LEN=1421 TOS=0x00 PREC=0x00 TTL=64 ID=12594 \ DF PROTO=UDP SPT=39792 DPT=80 LEN=1401 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=X.X.X.X \ DST=216.82.176.7 Read the full article…