Hola a todos, tengo un servidor y desde hace días se están lanzando desde él ataques salientes contra otros equipos remotos.
Le hago a mi server un `netstat -tapn` y me aparecen muchas IP en TIME_WAIT.
Si alguien puede iluminarme con alguna solución que pueda aplicar para evitar esto, sería genial.
También quiero mencionar que hoy encontré una carpeta dentro de Joomla, editada hace un mes, con unos archivos un tanto curiosos que, por lo que se ve, sirven para realizar ataques a otros equipos remotos.
Si sirve de ayuda, adjunto un log de mi netstat por si alguien sabe qué puedo hacer, por favor.
La IP 999.999.999.999 que aparece en el log es la de mi servidor, modificada para no mostrar la real.
Gracias.
Código:
[root@server ~]# netstat -tapn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 1390/clamd
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 11433/spamd.pid
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1433/httpd
tcp 0 0 0.0.0.0:8880 0.0.0.0:* LISTEN 1509/sw-cp-server
tcp 0 0 999.999.999.999:53 0.0.0.0:* LISTEN 1963/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1963/named
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 2130/drwebd.real
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1963/named
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1433/httpd
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 1509/sw-cp-server
tcp 0 0 0.0.0.0:69 0.0.0.0:* LISTEN 1373/sshd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1859/mysqld
tcp 0 0 999.999.999.999:80 180.76.6.231:46045 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57372 TIME_WAIT -
tcp 0 0 999.999.999.999:21 83.63.207.186:50682 ESTABLISHED 3158/proftpd: last
tcp 0 0 999.999.999.999:80 79.147.245.179:2203 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59559 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2225 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2233 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57375 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59245 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57381 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2217 TIME_WAIT -
tcp 0 0 999.999.999.999:80 83.45.34.189:49601 FIN_WAIT2 -
tcp 0 0 999.999.999.999:80 79.147.245.179:2193 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3882 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3877 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57370 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59849 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59151 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2221 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2199 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59472 TIME_WAIT -
tcp 0 64 999.999.999.999:69 83.63.207.186:51457 ESTABLISHED 4008/sshd
tcp 0 0 999.999.999.999:80 77.27.108.133:57388 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57380 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59661 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3900 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3892 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3886 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3861 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2231 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2205 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57369 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2235 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57398 ESTABLISHED 1501/httpd
tcp 0 0 999.999.999.999:80 77.27.108.133:57399 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2197 TIME_WAIT -
tcp 0 0 999.999.999.999:80 180.76.5.191:53873 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3876 TIME_WAIT -
tcp 0 14600 999.999.999.999:80 180.76.5.154:45845 ESTABLISHED 1436/httpd
tcp 0 0 999.999.999.999:80 2.137.171.110:3860 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3898 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2195 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59925 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3889 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57379 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3865 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3862 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3869 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:60105 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3868 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2207 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57368 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2191 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:60210 ESTABLISHED 1439/httpd
tcp 0 0 999.999.999.999:80 79.153.162.90:63896 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3885 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2227 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3881 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3934 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3874 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3899 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2223 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3941 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3863 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3878 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2209 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3866 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59358 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2211 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3858 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3938 TIME_WAIT -
tcp 0 0 :::110 :::* LISTEN 1449/couriertcpd
tcp 0 0 :::143 :::* LISTEN 1432/couriertcpd
tcp 0 0 :::8880 :::* LISTEN 1509/sw-cp-server
tcp 0 0 :::53 :::* LISTEN 1963/named
tcp 0 0 :::21 :::* LISTEN 1381/xinetd
tcp 0 0 :::8443 :::* LISTEN 1509/sw-cp-server
tcp 0 0 :::993 :::* LISTEN 1441/couriertcpd
tcp 0 0 :::995 :::* LISTEN 1458/couriertcpd
tcp 0 0 :::69 :::* LISTEN 1373/sshd
tcp 0 0 :::106 :::* LISTEN 1381/xinetd