I run a
Code:
netstat -tapn
on my server and a lot of IPs show up in Time Wait.
If anyone can enlighten me with some solution to add, or a way to avoid this, that would be great.
I should also mention that today I found a folder inside Joomla, edited a month ago, with some rather curious files, apparently for carrying out attacks against other remote machines.
In case it helps, I'm attaching a log of my netstat, in case anyone knows what I can do, please.
999.999.999.99 being my server's IP, modified.
Thanks.
Code:
[root@server ~]# netstat -tapn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 1390/clamd
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 11433/spamd.pid
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1433/httpd
tcp 0 0 0.0.0.0:8880 0.0.0.0:* LISTEN 1509/sw-cp-server
tcp 0 0 999.999.999.999:53 0.0.0.0:* LISTEN 1963/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1963/named
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 2130/drwebd.real
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1963/named
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1433/httpd
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 1509/sw-cp-server
tcp 0 0 0.0.0.0:69 0.0.0.0:* LISTEN 1373/sshd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1859/mysqld
tcp 0 0 999.999.999.999:80 180.76.6.231:46045 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57372 TIME_WAIT -
tcp 0 0 999.999.999.999:21 83.63.207.186:50682 ESTABLISHED 3158/proftpd: last
tcp 0 0 999.999.999.999:80 79.147.245.179:2203 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59559 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2225 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2233 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57375 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59245 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57381 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2217 TIME_WAIT -
tcp 0 0 999.999.999.999:80 83.45.34.189:49601 FIN_WAIT2 -
tcp 0 0 999.999.999.999:80 79.147.245.179:2193 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3882 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3877 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57370 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59849 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59151 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2221 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2199 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59472 TIME_WAIT -
tcp 0 64 999.999.999.999:69 83.63.207.186:51457 ESTABLISHED 4008/sshd
tcp 0 0 999.999.999.999:80 77.27.108.133:57388 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57380 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59661 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3900 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3892 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3886 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3861 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2231 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2205 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57369 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2235 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57398 ESTABLISHED 1501/httpd
tcp 0 0 999.999.999.999:80 77.27.108.133:57399 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2197 TIME_WAIT -
tcp 0 0 999.999.999.999:80 180.76.5.191:53873 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3876 TIME_WAIT -
tcp 0 14600 999.999.999.999:80 180.76.5.154:45845 ESTABLISHED 1436/httpd
tcp 0 0 999.999.999.999:80 2.137.171.110:3860 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3898 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2195 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59925 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3889 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57379 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3865 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3862 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3869 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:60105 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3868 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2207 TIME_WAIT -
tcp 0 0 999.999.999.999:80 77.27.108.133:57368 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2191 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:60210 ESTABLISHED 1439/httpd
tcp 0 0 999.999.999.999:80 79.153.162.90:63896 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3885 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2227 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3881 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3934 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3874 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3899 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2223 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3941 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3863 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3878 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2209 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3866 TIME_WAIT -
tcp 0 0 999.999.999.999:80 162.243.126.63:59358 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2211 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3858 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3938 TIME_WAIT -
tcp 0 0 :::110 :::* LISTEN 1449/couriertcpd
tcp 0 0 :::143 :::* LISTEN 1432/couriertcpd
tcp 0 0 :::8880 :::* LISTEN 1509/sw-cp-server
tcp 0 0 :::53 :::* LISTEN 1963/named
tcp 0 0 :::21 :::* LISTEN 1381/xinetd
tcp 0 0 :::8443 :::* LISTEN 1509/sw-cp-server
tcp 0 0 :::993 :::* LISTEN 1441/couriertcpd
tcp 0 0 :::995 :::* LISTEN 1458/couriertcpd
tcp 0 0 :::69 :::* LISTEN 1373/sshd
tcp 0 0 :::106 :::* LISTEN 1381/xinetd
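
An added example, not part of the original post, for triaging a `netstat -tapn` log like the one above: it tallies sockets by TCP state, groups non-listening sockets by remote address and state, and lists listeners bound to all interfaces. The function names are this example's own, and the embedded sample is a handful of lines copied from the log (999.999.999.999 is the poster's masked server IP).

```shell
#!/bin/sh
# Triage helper for `netstat -tapn` output (added example, not the poster's code).

# Sample: a few lines copied from the log above, embedded so this runs offline.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1859/mysqld
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 1390/clamd
tcp 0 0 999.999.999.999:80 2.137.171.110:3882 TIME_WAIT -
tcp 0 0 999.999.999.999:80 2.137.171.110:3877 TIME_WAIT -
tcp 0 0 999.999.999.999:80 79.147.245.179:2203 TIME_WAIT -
tcp 0 0 999.999.999.999:80 83.45.34.189:49601 FIN_WAIT2 -
tcp 0 0 999.999.999.999:80 77.27.108.133:57398 ESTABLISHED 1501/httpd
tcp 0 0 999.999.999.999:21 83.63.207.186:50682 ESTABLISHED 3158/proftpd: last
tcp 0 0 :::21 :::* LISTEN 1381/xinetd
EOF
}

# Sockets per TCP state, most frequent first: "<count> <state>".
count_states() {
  awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Non-listening sockets per remote IP and state: "<count> <ip> <state>".
count_by_peer() {
  awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
         ip = $5; sub(/:[0-9]+$/, "", ip)   # strip the remote port
         n[ip " " $6]++
       }
       END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Listeners bound to every interface (0.0.0.0 or ::): "<addr:port> <pid/program>".
exposed_listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /^(0\.0\.0\.0|::):[0-9]+$/ {
         print $4, $7
       }' | sort
}

# Demo on the embedded sample; on a live host: netstat -tapn | count_by_peer
sample_netstat | count_states
sample_netstat | count_by_peer
sample_netstat | exposed_listeners
```

A TIME_WAIT row is a connection that has already been closed and is waiting out a timer, so the per-peer counts are more informative than the raw number of rows; the listener list shows which services (here, for instance, `mysqld` on `0.0.0.0:3306`) accept connections on every interface.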