Suspicious connection

Discussion in 'Server Operation' started by sergio.morales, Nov 2, 2013.

  1. sergio.morales

    sergio.morales New Member

    Hello everyone. I was looking at why my server was running hotter than usual, and found the following connection when I ran an "lsof | grep perl":

    perl 32377 www-data 4u IPv4 299311 0t0 TCP server1.myserver.com:45820->42-73-46-200-ip.alianzaviva.net:81 (ESTABLISHED)

    I saw three of these connections, and immediately after I killed them, the server load dropped significantly. Is there anything I need to look out for? What could they have been doing on my server connecting thru port 81?

    Please help!

    sERGE
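The check from the post above, written as a repeatable filter (an added example, not part of the original thread). It flags script interpreters running as the web server account that hold an established TCP connection from a high local port. The `www-data` default, the interpreter watch list, the 32768 port threshold and every sample line except the first are assumptions made for illustration.

```shell
#!/bin/sh
# Input: lsof output on stdin, in the column layout shown in the post:
# COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (STATE)

WEB_USER="${WEB_USER:-www-data}"                         # assumed web server account
INTERPRETERS="${INTERPRETERS:-perl python php sh bash}"  # assumed watch list

flag_web_interpreters() {
    awk -v user="$WEB_USER" -v interps="$INTERPRETERS" '
    BEGIN { n = split(interps, a, " "); for (i = 1; i <= n; i++) watch[a[i]] = 1 }
    # Only established TCP sockets owned by the web user and held by an interpreter
    $3 == user && $8 == "TCP" && $NF == "(ESTABLISHED)" && ($1 in watch) {
        # NAME is local->remote; an entry without "->" is a listener
        if (split($9, ends, "->") != 2) next
        lport = ends[1]; sub(/.*:/, "", lport)
        rport = ends[2]; sub(/.*:/, "", rport)
        # Heuristic (assumption): a high local port means this host dialed out
        if (lport + 0 >= 32768)
            printf "pid=%s cmd=%s remote=%s rport=%s\n", $2, $1, ends[2], rport
    }'
}

# Constructed sample: the first line is the one from the post, the rest are invented
sample_lsof() {
    cat <<'EOF'
perl 32377 www-data 4u IPv4 299311 0t0 TCP server1.myserver.com:45820->42-73-46-200-ip.alianzaviva.net:81 (ESTABLISHED)
apache2 1201 www-data 9u IPv4 300102 0t0 TCP server1.myserver.com:80->client.example.org:51544 (ESTABLISHED)
perl 2210 backup 5u IPv4 300455 0t0 TCP server1.myserver.com:40112->mirror.example.org:443 (ESTABLISHED)
sshd 900 root 3u IPv4 12011 0t0 TCP *:22 (LISTEN)
EOF
}

# Demonstration on the constructed sample
sample_lsof | flag_web_interpreters
```

On a live host, pipe `lsof -nP -iTCP -sTCP:ESTABLISHED` into `flag_web_interpreters`, and before killing a flagged PID record its `/proc/<pid>/cwd`, `/proc/<pid>/exe` and `/proc/<pid>/cmdline` so the script that started it can be traced.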
     
  2. Quaxth

    Quaxth New Member

    It's registered via Networksolutions in Panama:

    Code:
    Domain Name: ALIANZAVIVA.NET
    Registry Domain ID:  
    Registrar WHOIS Server: whois.networksolutions.com
    Registrar URL: http//www.networksolutions.com/en_US/
    Updated Date: 2013-04-13
    Creation Date: 2001-07-23
    Registrar Registration Expiration Date: 2014-07-23
    Registrar: NETWORK SOLUTIONS, LLC.
    Registrar IANA ID: 2
    Registrar Abuse Contact Email: [email protected]
    Registrar Abuse Contact Phone: 1-800-333-7680
    Reseller: 
    Domain Status: clientTransferProhibited
    Registry Registrant ID: 
    Registrant Name: Alianza Viva
    Registrant Organization: Alianza Viva
    Registrant Street: Panama
    Registrant City: No Valid City
    Registrant State: No Valid State

    You could send an Abuse Mail and complain about the attack.
     
  3. PermaNoob

    PermaNoob Member

    Has anyone ever gotten any results from an abuse complaint? Seriously.

    Anyway, sounds like the same thing I'm getting: PHP 5.x Remote Code Execution Exploit

    http://www.howtoforge.com/forums/showthread.php?t=63740
     
  4. Quaxth

    Quaxth New Member

    Networksolutions will not do anything! I once had a domain with them and changed after 2 months because of many problems, incl. uncontrollable spam etc.! That was quite some years ago, and it seems nothing has changed with them! I read a few weeks ago about the same problems with them, and about them not replying to or answering any complaint.

    That said, I would never touch them again. I've had excellent experiences with NO-IP.com and namecheap.com. Both have excellent service and respond very fast as well.
     
