Facebook
Twitter
S
sharingsunshine@
Guest
Hello,
I found this entry in my LogWatch.
--------------------- Connections (secure-log) Begin ------------------------
Connections:
Service auth:
127.0.1.51: 1 Time(s)
I have port 113 - Auth locked down via the Plesk Firewall module. Here is the information.
********************
#!/bin/sh
#
# Automatically generated by Plesk netconf
#
set -e
echo 0 > /proc/sys/net/ipv4/ip_forward
([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
(rmmod ipchains) >/dev/null 2>&1 || true
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -t mangle -Z
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t nat -Z
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8443 -s 220.225.128.155 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 23 -j DROP
/sbin/iptables -A INPUT -p udp --dport 23 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 106 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 113 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 143 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 465 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 631 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 953 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 993 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 995 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 3000 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 3306 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 8443 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8443 -s 216.40.228.128/25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8443 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 22 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -s 216.40.228.128/25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 143 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 993 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 143 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 993 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 106 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 106 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 3306 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 3306 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 5432 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 9008 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 9080 -j DROP
/sbin/iptables -A INPUT -p udp --dport 137 -j DROP
/sbin/iptables -A INPUT -p udp --dport 138 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 139 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 445 -j DROP
/sbin/iptables -A INPUT -p udp --dport 1194 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 1194 -j DROP
/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j DROP
/sbin/iptables -A INPUT -j ACCEPT
/sbin/iptables -A OUTPUT -j ACCEPT
/sbin/iptables -A FORWARD -j DROP
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /usr/local/psa/var/modules/firewall/ip_forward.active
chmod 644 /usr/local/psa/var/modules/firewall/ip_forward.active
#
# End of script
#
*******************
I have two questions.
1. Is this a sign of a hacker in my system?
2. Is there anything else I can do to strengthem my firewall rules?
Thanks,
Randal
I found this entry in my LogWatch.
--------------------- Connections (secure-log) Begin ------------------------
Connections:
Service auth:
127.0.1.51: 1 Time(s)
I have port 113 - Auth locked down via the Plesk Firewall module. Here is the information.
********************
#!/bin/sh
#
# Automatically generated by Plesk netconf
#
set -e
echo 0 > /proc/sys/net/ipv4/ip_forward
([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
(rmmod ipchains) >/dev/null 2>&1 || true
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -t mangle -Z
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t nat -Z
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8443 -s 220.225.128.155 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 23 -j DROP
/sbin/iptables -A INPUT -p udp --dport 23 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 106 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 113 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 143 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 465 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 631 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 953 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 993 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 995 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 3000 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 3306 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 8443 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8443 -s 216.40.228.128/25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8443 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 22 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -s 216.40.228.128/25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 143 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 993 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 143 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 993 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 106 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 106 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 3306 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 3306 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 5432 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 9008 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 9080 -j DROP
/sbin/iptables -A INPUT -p udp --dport 137 -j DROP
/sbin/iptables -A INPUT -p udp --dport 138 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 139 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 445 -j DROP
/sbin/iptables -A INPUT -p udp --dport 1194 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 1194 -j DROP
/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -s 69.34.35.58 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j DROP
/sbin/iptables -A INPUT -j ACCEPT
/sbin/iptables -A OUTPUT -j ACCEPT
/sbin/iptables -A FORWARD -j DROP
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /usr/local/psa/var/modules/firewall/ip_forward.active
chmod 644 /usr/local/psa/var/modules/firewall/ip_forward.active
#
# End of script
#
*******************
I have two questions.
1. Is this a sign of a hacker in my system?
2. Is there anything else I can do to strengthem my firewall rules?
Thanks,
Randal
