Full Version: is somebody hacking me
The Planet Forums > Security > DoS & D-DoS Mitigation
Anonymous
For the last couple of days my server goes down at about the same time every night
or it becomes really, really slow.

So this time I SSH into my server, type in "netstat"
and I get this, a lot of Moscow something bla bla

and I get this in my email

ERROR: I guess another mrtg is running. A lockfile (/etc/mrtg/mrtg.cfg_l) aged
8 seconds is hanging around. If you are sure that no other mrtg
is running you can remove the lockfile

So does anybody know what is going on, because I have no idea?



Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 NS1.IRMIN.COM:http 62-130-109-197.ve:squid SYN_RECV
tcp 0 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3265 SYN_RECV
tcp 0 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3261 SYN_RECV
tcp 0 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3263 SYN_RECV
tcp 0 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3264 SYN_RECV
tcp 0 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3262 SYN_RECV
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3245 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54464 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54496 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3244 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54465 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54497 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3247 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54466 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3246 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54467 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http 209-237-18-183.hyp:3765 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54469 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3243 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54470 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54471 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54472 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:ftp adsl-68-73-64-7.ds:3713 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http 209-237-18-183.hyp:3769 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54473 TIME_WAIT
tcp 0 91980 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3239 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54474 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http cache-frr-aa08.pr:46408 ESTABLISHED
tcp 0 83220 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3238 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54475 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http adsl-68-73-64-7.ds:3970 TIME_WAIT
tcp 1 37504 NS1.IRMIN.COM:http wc05.wlfdle.rnc.n:50478 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54476 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http adsl-68-73-64-7.ds:3973 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54477 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http adsl-68-73-64-7.ds:3972 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54478 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:ftp 65-120-107-187.vel:4799 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54479 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54480 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3260 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54481 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:54403 65-120-107-187.vel:3125 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54482 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54483 TIME_WAIT
tcp 0 3592 NS1.IRMIN.COM:ssh 65-120-107-187.vel:3075 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http c-a8a071d5.011-28-:1586 ESTABLISHED
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3257 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http adsl-68-73-64-7.ds:3965 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54484 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3256 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54485 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3259 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54485 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3259 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http adsl-68-73-64-7.ds:3967 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54486 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3258 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http adsl-68-73-64-7.ds:3966 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54455 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54487 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:2086 65-120-107-187.vel:3087 ESTABLISHED
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3253 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54456 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54488 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3252 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54457 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54489 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3255 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54458 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54490 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3254 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54459 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54491 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3249 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54460 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54492 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3248 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http 148.135.62.81.dia:10056 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54461 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54493 TIME_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3251 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http 148.135.62.81.dia:10059 ESTABLISHED
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54462 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54494 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:54468 adsl-68-73-64-7.ds:3971 ESTABLISHED
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3250 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54463 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54495 TIME_WAIT
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 15 [ ] DGRAM 2834 /dev/log
unix 2 [ ] DGRAM 1808490
unix 2 [ ] DGRAM 1625950
unix 2 [ ] DGRAM 1625949
unix 2 [ ] DGRAM 1625544
unix 2 [ ] STREAM CONNECTED 1585289
unix 2 [ ] DGRAM 368475
unix 2 [ ] DGRAM 368474
unix 2 [ ] DGRAM 368456
unix 2 [ ] DGRAM 10531
unix 2 [ ] DGRAM 9308
unix 2 [ ] DGRAM 7488
unix 2 [ ] DGRAM 3637
unix 2 [ ] DGRAM 3034
unix 2 [ ] DGRAM 2842
root@NS1 [~]#
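Added example (not part of the original post): one way to turn a netstat listing like the one above into per-host counts, so that a single remote host holding many half-open (SYN_RECV) or CLOSE_WAIT connections stands out. The function names and the threshold are assumptions made for illustration; the sample lines are copied from the output above.

```shell
# Tally TCP connections per remote host and state from netstat output on stdin.
# Prints "count host state" lines, highest count first.
summarize_netstat() {
    awk '
        $1 == "tcp" && NF >= 6 {
            host = $5
            sub(/:[^:]*$/, "", host)       # drop the trailing :port
            tally[host " " $6]++
        }
        END { for (k in tally) print tally[k], k }
    ' | sort -k1,1nr -k2,2 -k3,3
}

# Print "host count" for hosts whose SYN_RECV + CLOSE_WAIT total reaches
# the threshold in $1 (assumed value; tune it to the server's normal traffic).
flag_hosts() {
    awk -v min="$1" '
        $1 == "tcp" && ($6 == "SYN_RECV" || $6 == "CLOSE_WAIT") {
            host = $5
            sub(/:[^:]*$/, "", host)
            n[host]++
        }
        END { for (h in n) if (n[h] >= min) print h, n[h] }
    ' | sort
}

# Sample input: a few lines taken from the listing in the post above.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 NS1.IRMIN.COM:http 62-130-109-197.ve:squid SYN_RECV
tcp 0 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3265 SYN_RECV
tcp 0 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3261 SYN_RECV
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3245 CLOSE_WAIT
tcp 1 0 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3244 CLOSE_WAIT
tcp 0 0 NS1.IRMIN.COM:http NS1.IRMIN.COM:54464 TIME_WAIT
tcp 0 0 NS1.IRMIN.COM:http 209-237-18-183.hyp:3765 ESTABLISHED
tcp 0 91980 NS1.IRMIN.COM:http ts27-a143.Moscow.d:3239 ESTABLISHED
EOF
}

sample_netstat | summarize_netstat
sample_netstat | flag_hosts 3
```

On a live server, pipe `netstat -tn` into the same functions; `-n` shows remote addresses as numeric IPs instead of truncated hostnames such as `ts27-a143.Moscow.d`.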
hp
I have this too. Every night the load goes up - it's happening ~3-5 am GMT - then everything is back to normal.

I even disabled backup to see if it's a problem.

I don't see anything bad in the logs.

It's for the last week - never before.

I'm on RHE3 + cpanel
Anonymous
Yeah, same with me.
Mine starts around 8 or 9 PM Eastern.
atuarre
Perhaps you should contact support regarding it.
Seth2
Even though I'm on a win2k3 box, my box went down last night. Don't know if this will continue or not.
Anonymous
Has this been fixed yet?
Anonymous
I contacted the support
and I really don't know if they did anything or not,
but I'm not having this problem anymore.
damainman
Did they give you an idea of what was causing it or how to prevent it?
Anonymous
All they said is that it is just someone surfing my site
because all those connections were coming on port 80.

And everything was just fine for the last few days, now I'm having the same problem again and the server sometimes goes down and attempts to restart
or becomes really, really slow.