#1  
2nd November 2013, 16:08
sergio.morales
Suspicious connection

Hello everyone. I was looking at why my server was running hotter than usual, and found the following connection when I ran an "lsof | grep perl":

perl 32377 www-data 4u IPv4 299311 0t0 TCP server1.myserver.com:45820->42-73-46-200-ip.alianzaviva.net:81 (ESTABLISHED)

I saw three of these connections, and immediately after I killed them, the server load dropped significantly. Is there anything I need to look out for? What could they have been doing on my server connecting through port 81?

Please help!

sERGE
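The manual `lsof | grep perl` check from the post above, turned into a repeatable triage step (an added example, not part of the original thread): it parses `lsof -nP -iTCP` style output and reports script interpreters running as the web server account that hold established connections to unexpected remote ports. The account names, interpreter list, allowed ports and every sample line except the perl line quoted in the post are assumptions constructed for illustration.

```python
# Assumptions (tune per host): accounts the web stack runs as, interpreters that
# should not hold outbound sockets under those accounts, and expected remote ports.
WEB_USERS = {"www-data", "apache", "nginx"}
INTERPRETERS = {"perl", "python", "python3", "sh", "bash", "php", "ruby"}
ALLOWED_REMOTE_PORTS = {25, 53, 80, 443, 3306}

# Constructed sample in lsof's default column layout; only the perl/www-data
# line is taken from the post.
SAMPLE = """\
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2  1201     root   4u   IPv6  11823      0t0  TCP *:80 (LISTEN)
apache2  1310 www-data  12u   IPv6  30011      0t0  TCP server1.myserver.com:80->198.51.100.7:51514 (ESTABLISHED)
perl    32377 www-data   4u   IPv4 299311      0t0  TCP server1.myserver.com:45820->42-73-46-200-ip.alianzaviva.net:81 (ESTABLISHED)
perl     2210     root   5u   IPv4  40112      0t0  TCP server1.myserver.com:40022->203.0.113.9:443 (ESTABLISHED)
php      4102 www-data   7u   IPv4  51200      0t0  TCP 127.0.0.1:51000->127.0.0.1:3306 (ESTABLISHED)
"""

def suspicious_connections(lsof_text):
    """Return (pid, command, user, remote_host, remote_port) for each hit."""
    hits = []
    for line in lsof_text.splitlines():
        f = line.split()
        # Fields: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (STATE)
        if len(f) < 10 or f[7] != "TCP" or f[9] != "(ESTABLISHED)":
            continue  # header, listeners, non-TCP files
        _local, arrow, remote = f[8].partition("->")
        if not arrow:
            continue
        command, pid, user = f[0], f[1], f[2]
        host, _, port = remote.rpartition(":")
        # Without -P lsof may print a service name; report those as unknown (None).
        port = int(port) if port.isdigit() else None
        if (user in WEB_USERS and command in INTERPRETERS
                and port not in ALLOWED_REMOTE_PORTS):
            hits.append((int(pid), command, user, host, port))
    return hits

if __name__ == "__main__":
    for pid, command, user, host, port in suspicious_connections(SAMPLE):
        print(f"pid={pid} {command} as {user} -> {host}:{port}")
```
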
  #2  
2nd November 2013, 17:08
Quaxth

It's registered via Networksolutions in Panama:

Code:
Domain Name: ALIANZAVIVA.NET
Registry Domain ID:  
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http//www.networksolutions.com/en_US/
Updated Date: 2013-04-13
Creation Date: 2001-07-23
Registrar Registration Expiration Date: 2014-07-23
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: 1-800-333-7680
Reseller: 
Domain Status: clientTransferProhibited
Registry Registrant ID: 
Registrant Name: Alianza Viva
Registrant Organization: Alianza Viva
Registrant Street: Panama
Registrant City: No Valid City
Registrant State: No Valid State

You could send an Abuse Mail and complain about the attack.
__________________
*************
Have a nice day.
  #3  
4th November 2013, 13:46
PermaNoob

Quote:
Originally Posted by Quaxth
It's registered via Networksolutions in Panama:
You could send an Abuse Mail and complain about the attack.

Has anyone ever got any results from an abuse complaint? Seriously.

Anyway, sounds like the same thing I'm getting: PHP 5.x Remote Code Execution Exploit

http://www.howtoforge.com/forums/showthread.php?t=63740
  #4  
8th November 2013, 14:11
Quaxth

Networksolutions will not do anything! I once had a domain with them and changed after 2 months because of many problems incl. uncontrollable spam etc.! That was quite some years ago, and it seems nothing has changed with them! I read a few weeks ago about the same problems with them, and about them not replying to or answering any complaint.

That said, I would never touch them again. I've had excellent experiences with NO-IP.com and namecheap.com. Both have excellent service and respond very fast as well.