dr5y51em

Server got hacked

Guys, help me out, I'm not very strong at this level of administration.

Background: we took a box from the Germans at HETZNER and put VDS ISP Manager on it, which pulled in the required software by itself (KVM, Apache, etc.).

All the passwords are fairly complex; root's is a full 32 characters (md5-like).

Then I received an email roughly like this:

Quote:

Dear Sir or Madam

We regret to inform you that your server with the IP address mentioned in the above subject line has carried out scans on other internet servers.

As a result this has placed a considerable strain on network resources and consequently a segment of our network has been very adversely affected.

Your server has therefore been deactivated as a precautionary measure.

A corresponding traffic protocol is attached for your information.

with this log attached:

Quote:

##########################################################################

# Netscan detected from host 213.239.193.168 #

##########################################################################

time protocol src_ip src_port dest_ip dest_port

---------------------------------------------------------------------------

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.1 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.2 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.3 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.4 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.5 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.6 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.7 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.8 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.9 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.10 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.11 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.12 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.13 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.14 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.15 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.16 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.17 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.18 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.19 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.20 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.21 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.22 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.23 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.24 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.25 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.26 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.27 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.28 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.29 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.30 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.31 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.32 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.33 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.34 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.35 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.36 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.37 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.38 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.39 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.40 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.41 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.42 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.43 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.44 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.45 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.46 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.47 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.48 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.49 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.50 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.51 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.52 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.53 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.54 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.55 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.56 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.57 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.58 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.59 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.60 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.61 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.62 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.63 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.64 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.65 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.66 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.67 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.68 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.69 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.70 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.71 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.72 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.73 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.74 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.75 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.170 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.171 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.174 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.176 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.178 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.180 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.182 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.184 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.186 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.187 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.189 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.192 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.193 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.196 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.197 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.198 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.200 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.201 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.204 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.205 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.208 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.210 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.212 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.213 22

Fri Feb 3 11:16:51 2012 TCP 213.239.193.168 39996 => 169.0.0.215 22

which shows the server scanning the provider's internal network. Right now access to the server is open only for my IP.

Quote:

netstat -apn|grep tcp

tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1558/kvm

tcp 0 0 0.0.0.0:5902 0.0.0.0:* LISTEN 1584/kvm

tcp 0 0 213.239.193.168:80 0.0.0.0:* LISTEN 1509/nginx

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1520/sshd

tcp 0 0 213.239.193.168:22 46.149.225.56:36574 ESTABLISHED 1526/sshd: root@not

tcp 0 52 213.239.193.168:22 46.149.225.56:39544 ESTABLISHED 1674/0

tcp6 0 0 :::8080 :::* LISTEN 1368/apache2

tcp6 0 0 :::22 :::* LISTEN 1520/sshd

tcp6 0 0 :::443 :::* LISTEN 1368/apache2

here is the scan of open ports

Quote:

Starting Nmap 5.00 ( ) at 2012-02-10 23:40 NOVT

Interesting ports on static.213-239-193-168.clients.your-server.de (213.239.193.168):

PORT STATE SERVICE

1/tcp open tcpmux

3/tcp open compressnet

4/tcp open unknown

6/tcp open unknown

7/tcp open echo

9/tcp open discard

13/tcp open daytime

17/tcp open qotd

19/tcp open chargen

20/tcp open ftp-data

21/tcp open ftp

22/tcp open ssh

23/tcp open telnet

24/tcp open priv-mail

25/tcp open smtp

26/tcp open rsftp

30/tcp open unknown

32/tcp open unknown

33/tcp open dsp

37/tcp open time

42/tcp open nameserver

43/tcp open whois

49/tcp open tacacs

53/tcp open domain

70/tcp open gopher

79/tcp open finger

80/tcp open http

81/tcp open hosts2-ns

82/tcp open xfer

83/tcp open mit-ml-dev

84/tcp open ctf

85/tcp open mit-ml-dev

88/tcp open kerberos-sec

89/tcp open su-mit-tg

90/tcp open dnsix

99/tcp open metagram

100/tcp open newacct

106/tcp open pop3pw

109/tcp open pop2

110/tcp open pop3

111/tcp open rpcbind

113/tcp open auth

119/tcp open nntp

125/tcp open locus-map

135/tcp open msrpc

139/tcp open netbios-ssn

143/tcp open imap

144/tcp open news

146/tcp open iso-tp0

161/tcp open snmp

163/tcp open cmip-man

179/tcp open bgp

199/tcp open smux

211/tcp open 914c-g

212/tcp open anet

222/tcp open rsh-spx

254/tcp open unknown

255/tcp open unknown

256/tcp open fw1-secureremote

259/tcp open esro-gen

264/tcp open bgmp

280/tcp open http-mgmt

301/tcp open unknown

306/tcp open unknown

311/tcp open asip-webadmin

340/tcp open unknown

366/tcp open odmr

389/tcp open ldap

406/tcp open imsp

407/tcp open timbuktu

416/tcp open silverplatter

417/tcp open onmux

425/tcp open icad-el

427/tcp open svrloc

443/tcp open https

444/tcp open snpp

445/tcp open microsoft-ds

458/tcp open appleqtc

464/tcp open kpasswd5

465/tcp open smtps

481/tcp open dvs

497/tcp open retrospect

500/tcp open isakmp

512/tcp open exec

513/tcp open login

514/tcp open shell

515/tcp open printer

524/tcp open ncp

541/tcp open uucp-rlogin

543/tcp open klogin

544/tcp open kshell

545/tcp open ekshell

548/tcp open afp

554/tcp open rtsp

555/tcp open dsf

563/tcp open snews

587/tcp open submission

593/tcp open http-rpc-epmap

616/tcp open unknown

617/tcp open sco-dtmgr

625/tcp open apple-xsrvr-admin

631/tcp open ipp

636/tcp open ldapssl

646/tcp open ldp

648/tcp open unknown

666/tcp open doom

667/tcp open unknown

668/tcp open unknown

683/tcp open corba-iiop

687/tcp open unknown

691/tcp open resvc

700/tcp open unknown

705/tcp open unknown

711/tcp open unknown

714/tcp open unknown

720/tcp open unknown

722/tcp open unknown

726/tcp open unknown

749/tcp open kerberos-adm

765/tcp open webster

777/tcp open unknown

783/tcp open spamassassin

787/tcp open qsc

800/tcp open mdbs_daemon

801/tcp open device

808/tcp open ccproxy-http

843/tcp open unknown

873/tcp open rsync

880/tcp open unknown

888/tcp open accessbuilder

898/tcp open sun-manageconsole

900/tcp open unknown

901/tcp open samba-swat

902/tcp open iss-realsecure

903/tcp open iss-console-mgr

911/tcp open unknown

912/tcp open unknown

981/tcp open unknown

987/tcp open unknown

990/tcp open ftps

992/tcp open telnets

993/tcp open imaps

995/tcp open pop3s

999/tcp open garcon

1000/tcp open cadlock

1001/tcp open unknown

1002/tcp open windows-icfw

1007/tcp open unknown

1009/tcp open unknown

1010/tcp open unknown

1011/tcp open unknown

1021/tcp open unknown

1022/tcp open unknown

1023/tcp open netvenuechat

1024/tcp open kdm

1025/tcp open NFS-or-IIS

1026/tcp open LSA-or-nterm

1027/tcp open IIS

1028/tcp open unknown

1029/tcp open ms-lsa

1030/tcp open iad1

1031/tcp open iad2

1032/tcp open iad3

1033/tcp open netinfo

1034/tcp open zincite-a

1035/tcp open multidropper

1036/tcp open unknown

1037/tcp open unknown

1038/tcp open unknown

1039/tcp open unknown

1040/tcp open netsaint

1041/tcp open unknown

1042/tcp open unknown

1043/tcp open boinc

1044/tcp open unknown

1045/tcp open unknown

1046/tcp open unknown

1047/tcp open unknown

1048/tcp open unknown

1049/tcp open unknown

1050/tcp open java-or-OTGfileshare

1051/tcp open optima-vnet

1052/tcp open ddt

1053/tcp open unknown

1054/tcp open unknown

1055/tcp open ansyslmd

1056/tcp open unknown

1057/tcp open unknown

1058/tcp open nim

1059/tcp open nimreg

1060/tcp open polestar

1061/tcp open unknown

1062/tcp open veracity

1063/tcp open unknown

1064/tcp open unknown

1065/tcp open unknown

1066/tcp open fpo-fns

1067/tcp open instl_boots

1068/tcp open instl_bootc

1069/tcp open cognex-insight

1070/tcp open unknown

1071/tcp open unknown

1072/tcp open unknown

1073/tcp open unknown

1074/tcp open unknown

1075/tcp open unknown

1076/tcp open sns_credit

1077/tcp open unknown

1078/tcp open unknown

1079/tcp open unknown

1080/tcp open socks

1081/tcp open unknown

1082/tcp open unknown

1083/tcp open ansoft-lm-1

1084/tcp open ansoft-lm-2

1085/tcp open unknown

1086/tcp open unknown

1087/tcp open unknown

1088/tcp open unknown

1089/tcp open unknown

1090/tcp open unknown

1091/tcp open unknown

1092/tcp open unknown

1093/tcp open unknown

1094/tcp open unknown

1095/tcp open unknown

1096/tcp open unknown

1097/tcp open unknown

1098/tcp open unknown

1099/tcp open unknown

1100/tcp open unknown

1102/tcp open unknown

1104/tcp open unknown

1105/tcp open unknown

1106/tcp open unknown

1107/tcp open unknown

1108/tcp open unknown

1110/tcp open nfsd-status

1111/tcp open unknown

1112/tcp open msql

1113/tcp open unknown

1114/tcp open unknown

1117/tcp open unknown

1119/tcp open unknown

1121/tcp open unknown

1122/tcp open unknown

1123/tcp open unknown

1124/tcp open unknown

1126/tcp open unknown

1130/tcp open unknown

1131/tcp open unknown

1132/tcp open unknown

1137/tcp open unknown

1138/tcp open unknown

1141/tcp open unknown

1145/tcp open unknown

1147/tcp open unknown

1148/tcp open unknown

1149/tcp open unknown

1151/tcp open unknown

1152/tcp open unknown

1154/tcp open unknown

1163/tcp open unknown

1164/tcp open unknown

1165/tcp open unknown

1166/tcp open unknown

1169/tcp open unknown

1174/tcp open unknown

1175/tcp open unknown

1183/tcp open unknown

1185/tcp open unknown

1186/tcp open unknown

1187/tcp open unknown

1192/tcp open unknown

1198/tcp open unknown

1199/tcp open unknown

1201/tcp open unknown

1213/tcp open unknown

1216/tcp open unknown

1217/tcp open unknown

1218/tcp open aeroflight-ads

1233/tcp open unknown

1234/tcp open hotline

1236/tcp open unknown

1244/tcp open unknown

1247/tcp open unknown

1248/tcp open hermes

1259/tcp open unknown

1271/tcp open unknown

1272/tcp open unknown

1277/tcp open unknown

1287/tcp open unknown

1296/tcp open unknown

1300/tcp open unknown

1301/tcp open unknown

1309/tcp open unknown

1310/tcp open unknown

1311/tcp open rxmon

1322/tcp open unknown

1328/tcp open unknown

1334/tcp open unknown

1352/tcp open lotusnotes

1417/tcp open timbuktu-srv1

1433/tcp open ms-sql-s

1434/tcp open ms-sql-m

1443/tcp open ies-lm

1455/tcp open esl-lm

1461/tcp open ibm_wrless_lan

1494/tcp open citrix-ica

1500/tcp open vlsi-lm

1501/tcp open sas-3

1503/tcp open imtc-mcs

1521/tcp open oracle

1524/tcp open ingreslock

1533/tcp open virtual-places

1556/tcp open unknown

1580/tcp open unknown

1583/tcp open unknown

1594/tcp open unknown

1600/tcp open issd

1641/tcp open unknown

1658/tcp open unknown

1666/tcp open netview-aix-6

1687/tcp open unknown

1688/tcp open unknown

1700/tcp open mps-raft

1717/tcp open fj-hdnet

1718/tcp open unknown

1719/tcp open unknown

1720/tcp open H.323/Q.931

1721/tcp open unknown

1723/tcp open pptp

1755/tcp open wms

1761/tcp open landesk-rc

1782/tcp open hp-hcip

1783/tcp open unknown

1801/tcp open unknown

1805/tcp open unknown

1812/tcp open unknown

1839/tcp open unknown

1840/tcp open unknown

1862/tcp open unknown

1863/tcp open msnp

1864/tcp open paradym-31

1875/tcp open unknown

1900/tcp open upnp

1914/tcp open unknown

1935/tcp open rtmp

1947/tcp open unknown

1971/tcp open unknown

1972/tcp open unknown

1974/tcp open unknown

1984/tcp open bigbrother

1998/tcp open x25-svc-port

1999/tcp open tcp-id-port

2000/tcp open callbook

2001/tcp open dc

2002/tcp open globe

2003/tcp open finger

2004/tcp open mailbox

2005/tcp open deslogin

2006/tcp open invokator

2007/tcp open dectalk

2008/tcp open conf

2009/tcp open news

2010/tcp open search

2013/tcp open raid-am

2020/tcp open xinupageserver

2021/tcp open servexec

2022/tcp open down

2030/tcp open device2

2033/tcp open glogger

2034/tcp open scoremgr

2035/tcp open imsldoc

2038/tcp open objectmanager

2040/tcp open lam

2041/tcp open interbase

2042/tcp open isis

2043/tcp open isis-bcast

2045/tcp open cdfunc

2046/tcp open sdfunc

2047/tcp open dls

2048/tcp open dls-monitor

2049/tcp open nfs

2065/tcp open dlsrpn

2068/tcp open advocentkvm

2099/tcp open unknown

2100/tcp open unknown

2103/tcp open zephyr-clt

2105/tcp open eklogin

2106/tcp open ekshell

2107/tcp open unknown

2111/tcp open kx

2119/tcp open unknown

2121/tcp open ccproxy-ftp

2126/tcp open unknown

2135/tcp open unknown

2144/tcp open unknown

2160/tcp open unknown

2161/tcp open apc-agent

2170/tcp open unknown

2179/tcp open unknown

2190/tcp open unknown

2191/tcp open unknown

2196/tcp open unknown

2200/tcp open unknown

2222/tcp open unknown

2251/tcp open unknown

2260/tcp open unknown

2288/tcp open unknown

2301/tcp open compaqdiag

2323/tcp open unknown

2366/tcp open unknown

2381/tcp open unknown

2382/tcp open unknown

2383/tcp open ms-olap4

2393/tcp open unknown

2394/tcp open unknown

2399/tcp open unknown

2401/tcp open cvspserver

2492/tcp open unknown

2500/tcp open rtsserv

2522/tcp open unknown

2525/tcp open unknown

2557/tcp open unknown

2601/tcp open zebra

2602/tcp open ripd

2604/tcp open ospfd

2605/tcp open bgpd

2607/tcp open unknown

2608/tcp open unknown

2638/tcp open sybase

2701/tcp open sms-rcinfo

2702/tcp open sms-xfer

2710/tcp open unknown

2717/tcp open unknown

2718/tcp open unknown

2725/tcp open unknown

2800/tcp open unknown

2809/tcp open corbaloc

2811/tcp open unknown

2869/tcp open unknown

2875/tcp open unknown

2909/tcp open unknown

2910/tcp open unknown

2920/tcp open unknown

2967/tcp open symantec-av

2968/tcp open unknown

2998/tcp open iss-realsec

3000/tcp open ppp

3001/tcp open nessus

3003/tcp open unknown

3005/tcp open deslogin

3006/tcp open deslogind

3007/tcp open unknown

3011/tcp open unknown

3013/tcp open unknown

3017/tcp open unknown

3030/tcp open unknown

3031/tcp open unknown

3050/tcp open unknown

3052/tcp open powerchute

3071/tcp open unknown

3077/tcp open unknown

3128/tcp open squid-http

3168/tcp open unknown

3211/tcp open unknown

3221/tcp open unknown

3260/tcp open iscsi

3261/tcp open unknown

3268/tcp open globalcatLDAP

3269/tcp open globalcatLDAPssl

3283/tcp open netassistant

3300/tcp open unknown

3301/tcp open unknown

3306/tcp open mysql

3322/tcp open unknown

3323/tcp open unknown

3324/tcp open unknown

3325/tcp open unknown

3333/tcp open dec-notes

3351/tcp open unknown

3367/tcp open unknown

3369/tcp open unknown

3370/tcp open unknown

3371/tcp open unknown

3372/tcp open msdtc

3389/tcp open ms-term-serv

3390/tcp open unknown

3404/tcp open unknown

3476/tcp open unknown

3493/tcp open unknown

3517/tcp open unknown

3527/tcp open unknown

3546/tcp open unknown

3551/tcp open unknown

3580/tcp open unknown

3659/tcp open unknown

3689/tcp open rendezvous

3690/tcp open svn

3703/tcp open unknown

3737/tcp open unknown

3766/tcp open unknown

3784/tcp open unknown

3800/tcp open unknown

3801/tcp open unknown

3809/tcp open unknown

3814/tcp open unknown

3826/tcp open unknown

3827/tcp open unknown

3828/tcp open unknown

3851/tcp open unknown

3869/tcp open unknown

3871/tcp open unknown

3878/tcp open unknown

3880/tcp open unknown

3889/tcp open unknown

3905/tcp open mupdate

3914/tcp open unknown

3918/tcp open unknown

3920/tcp open unknown

3945/tcp open unknown

3971/tcp open unknown

3986/tcp open mapper-ws_ethd

3995/tcp open unknown

3998/tcp open unknown

4000/tcp open remoteanything

4001/tcp open unknown

4002/tcp open mlchat-proxy

4003/tcp open unknown

4004/tcp open unknown

4005/tcp open unknown

4006/tcp open unknown

4045/tcp open lockd

4111/tcp open unknown

4125/tcp open rww

4126/tcp open unknown

4129/tcp open unknown

4224/tcp open xtell

4242/tcp open unknown

4279/tcp open unknown

4321/tcp open rwhois

4343/tcp open unicall

4443/tcp open pharos

4444/tcp open krb524

4445/tcp open unknown

4446/tcp open unknown

4449/tcp open unknown

4550/tcp open unknown

4567/tcp open unknown

4662/tcp open edonkey

4848/tcp open unknown

4899/tcp open radmin

4900/tcp open unknown

4998/tcp open maybe-veritas

5000/tcp open upnp

5001/tcp open commplex-link

5002/tcp open rfe

5003/tcp open filemaker

5004/tcp open unknown

5009/tcp open airport-admin

5030/tcp open unknown

5033/tcp open unknown

5050/tcp open mmcc

5051/tcp open ida-agent

5054/tcp open unknown

5060/tcp open sip

5061/tcp open sip-tls

5080/tcp open unknown

5087/tcp open unknown

5100/tcp open admd

5101/tcp open admdog

5102/tcp open admeng

5120/tcp open unknown

5190/tcp open aol

5200/tcp open unknown

5214/tcp open unknown

5221/tcp open unknown

5222/tcp open unknown

5225/tcp open unknown

5226/tcp open unknown

5269/tcp open unknown

5280/tcp open unknown

5298/tcp open unknown

5357/tcp open unknown

5405/tcp open pcduo

5414/tcp open unknown

5431/tcp open park-agent

5432/tcp open postgresql

5440/tcp open unknown

5500/tcp open hotline

5510/tcp open secureidprop

5544/tcp open unknown

5550/tcp open sdadmind

5555/tcp open freeciv

5560/tcp open isqlplus

5566/tcp open unknown

5631/tcp open pcanywheredata

5633/tcp open unknown

5666/tcp open nrpe

5678/tcp open unknown

5679/tcp open activesync

5718/tcp open unknown

5730/tcp open unknown

5800/tcp open vnc-http

5801/tcp open vnc-http-1

5802/tcp open vnc-http-2

5810/tcp open unknown

5811/tcp open unknown

5815/tcp open unknown

5822/tcp open unknown

5825/tcp open unknown

5850/tcp open unknown

5859/tcp open unknown

5862/tcp open unknown

5877/tcp open unknown

5900/tcp open vnc

5901/tcp open vnc-1

5902/tcp open vnc-2

5903/tcp open vnc-3

5904/tcp open unknown

5906/tcp open unknown

5907/tcp open unknown

5910/tcp open unknown

5911/tcp open unknown

5915/tcp open unknown

5922/tcp open unknown

5925/tcp open unknown

5950/tcp open unknown

5952/tcp open unknown

5959/tcp open unknown

5960/tcp open unknown

5961/tcp open unknown

5962/tcp open unknown

5963/tcp open unknown

5987/tcp open unknown

5988/tcp open unknown

5989/tcp open unknown

5998/tcp open ncd-diag

5999/tcp open ncd-conf

6000/tcp open X11

6001/tcp open X11:1

6002/tcp open X11:2

6003/tcp open X11:3

6004/tcp open X11:4

6005/tcp open X11:5

6006/tcp open X11:6

6007/tcp open X11:7

6009/tcp open X11:9

6025/tcp open unknown

6059/tcp open X11:59

6100/tcp open unknown

6101/tcp open backupexec

6106/tcp open isdninfo

6112/tcp open dtspc

6123/tcp open unknown

6129/tcp open unknown

6156/tcp open unknown

6346/tcp open gnutella

6389/tcp open unknown

6502/tcp open netop-rc

6510/tcp open unknown

6543/tcp open mythtv

6547/tcp open powerchuteplus

6565/tcp open unknown

6566/tcp open unknown

6567/tcp open unknown

6580/tcp open unknown

6646/tcp open unknown

6666/tcp open irc

6667/tcp open irc

6668/tcp open irc

6669/tcp open irc

6689/tcp open unknown

6692/tcp open unknown

6699/tcp open napster

6779/tcp open unknown

6788/tcp open unknown

6789/tcp open ibm-db2-admin

6792/tcp open unknown

6839/tcp open unknown

6881/tcp open bittorrent-tracker

6901/tcp open unknown

6969/tcp open acmsoda

7000/tcp open afs3-fileserver

7001/tcp open afs3-callback

7002/tcp open afs3-prserver

7004/tcp open afs3-kaserver

7007/tcp open afs3-bos

7019/tcp open unknown

7025/tcp open unknown

7070/tcp open realserver

7100/tcp open font-service

7103/tcp open unknown

7106/tcp open unknown

7200/tcp open fodms

7201/tcp open dlip

7402/tcp open unknown

7435/tcp open unknown

7443/tcp open unknown

7496/tcp open unknown

7512/tcp open unknown

7625/tcp open unknown

7627/tcp open unknown

7676/tcp open unknown

7741/tcp open unknown

7777/tcp open unknown

7778/tcp open unknown

7800/tcp open unknown

7911/tcp open unknown

7920/tcp open unknown

7921/tcp open unknown

7937/tcp open nsrexecd

7938/tcp open lgtomapper

7999/tcp open unknown

8000/tcp open http-alt

8001/tcp open unknown

8002/tcp open teradataordbms

8007/tcp open ajp12

8008/tcp open http

8009/tcp open ajp13

8010/tcp open xmpp

8011/tcp open unknown

8021/tcp open ftp-proxy

8022/tcp open unknown

8031/tcp open unknown

8042/tcp open unknown

8045/tcp open unknown

8080/tcp open http-proxy

8081/tcp open blackice-icecap

8082/tcp open blackice-alerts

8083/tcp open unknown

8084/tcp open unknown

8085/tcp open unknown

8086/tcp open unknown

8087/tcp open unknown

8088/tcp open unknown

8089/tcp open unknown

8090/tcp open unknown

8093/tcp open unknown

8099/tcp open unknown

8100/tcp open unknown

8180/tcp open unknown

8181/tcp open unknown

8192/tcp open sophos

8193/tcp open sophos

8194/tcp open sophos

8200/tcp open unknown

8222/tcp open unknown

8254/tcp open unknown

8290/tcp open unknown

8291/tcp open unknown

8292/tcp open unknown

8300/tcp open unknown

8333/tcp open unknown

8383/tcp open unknown

8400/tcp open unknown

8402/tcp open unknown

8443/tcp open https-alt

8500/tcp open unknown

8600/tcp open unknown

8649/tcp open unknown

8651/tcp open unknown

8652/tcp open unknown

8654/tcp open unknown

8701/tcp open unknown

8800/tcp open unknown

8873/tcp open unknown

8888/tcp open sun-answerbook

8899/tcp open unknown

8994/tcp open unknown

9000/tcp open cslistener

9001/tcp open tor-orport

9002/tcp open unknown

9003/tcp open unknown

9009/tcp open unknown

9010/tcp open unknown

9011/tcp open unknown

9040/tcp open tor-trans

9050/tcp open tor-socks

9071/tcp open unknown

9080/tcp open unknown

9081/tcp open unknown

9090/tcp open zeus-admin

9091/tcp open unknown

9099/tcp open unknown

9100/tcp open jetdirect

9101/tcp open jetdirect

9102/tcp open jetdirect

9103/tcp open jetdirect

9110/tcp open unknown

9111/tcp open DragonIDSConsole

9200/tcp open wap-wsp

9207/tcp open unknown

9220/tcp open unknown

9290/tcp open unknown

9415/tcp open unknown

9418/tcp open unknown

9485/tcp open unknown

9500/tcp open unknown

9502/tcp open unknown

9503/tcp open unknown

9535/tcp open man

9575/tcp open unknown

9593/tcp open unknown

9594/tcp open msgsys

9595/tcp open pds

9618/tcp open unknown

9666/tcp open unknown

9876/tcp open sd

9877/tcp open unknown

9878/tcp open unknown

9898/tcp open unknown

9900/tcp open iua

9917/tcp open unknown

9943/tcp open unknown

9944/tcp open unknown

9968/tcp open unknown

9998/tcp open unknown

9999/tcp open abyss

10000/tcp open snet-sensor-mgmt

10001/tcp open unknown

10002/tcp open unknown

10003/tcp open unknown

10004/tcp open unknown

10009/tcp open unknown

10010/tcp open unknown

10012/tcp open unknown

10024/tcp open unknown

10025/tcp open unknown

10082/tcp open amandaidx

10180/tcp open unknown

10215/tcp open unknown

10243/tcp open unknown

10566/tcp open unknown

10616/tcp open unknown

10617/tcp open unknown

10621/tcp open unknown

10626/tcp open unknown

10628/tcp open unknown

10629/tcp open unknown

10778/tcp open unknown

11110/tcp open unknown

11111/tcp open unknown

11967/tcp open unknown

12000/tcp open cce4x

12174/tcp open unknown

12265/tcp open unknown

12345/tcp open netbus

13456/tcp open unknown

13722/tcp open netbackup

13782/tcp open netbackup

13783/tcp open netbackup

14000/tcp open unknown

14238/tcp open unknown

14441/tcp open unknown

14442/tcp open unknown

15000/tcp open hydap

15002/tcp open unknown

15003/tcp open unknown

15004/tcp open unknown

15660/tcp open unknown

15742/tcp open unknown

16000/tcp open unknown

16001/tcp open unknown

16012/tcp open unknown

16016/tcp open unknown

16018/tcp open unknown

16080/tcp open osxwebadmin

16113/tcp open unknown

16992/tcp open unknown

16993/tcp open unknown

17877/tcp open unknown

17988/tcp open unknown

18040/tcp open unknown

18101/tcp open unknown

18988/tcp open unknown

19101/tcp open unknown

19283/tcp open unknown

19315/tcp open unknown

19350/tcp open unknown

19780/tcp open unknown

19801/tcp open unknown

19842/tcp open unknown

20000/tcp open unknown

20005/tcp open btx

20031/tcp open unknown

20221/tcp open unknown

20222/tcp open unknown

20828/tcp open unknown

21571/tcp open unknown

22939/tcp open unknown

23502/tcp open unknown

24444/tcp open unknown

24800/tcp open unknown

25734/tcp open unknown

25735/tcp open unknown

26214/tcp open unknown

27000/tcp open flexlm0

27352/tcp open unknown

27353/tcp open unknown

27355/tcp open unknown

27356/tcp open unknown

27715/tcp open unknown

28201/tcp open unknown

30000/tcp open unknown

30718/tcp open unknown

30951/tcp open unknown

31038/tcp open unknown

31337/tcp open Elite

32768/tcp open unknown

32769/tcp open unknown

32770/tcp open sometimes-rpc3

32771/tcp open sometimes-rpc5

32772/tcp open sometimes-rpc7

32773/tcp open sometimes-rpc9

32774/tcp open sometimes-rpc11

32775/tcp open sometimes-rpc13

32776/tcp open sometimes-rpc15

32777/tcp open sometimes-rpc17

32778/tcp open sometimes-rpc19

32779/tcp open sometimes-rpc21

32780/tcp open sometimes-rpc23

32781/tcp open unknown

32782/tcp open unknown

32783/tcp open unknown

32784/tcp open unknown

32785/tcp open unknown

33354/tcp open unknown

33899/tcp open unknown

34571/tcp open unknown

34572/tcp open unknown

34573/tcp open unknown

35500/tcp open unknown

38292/tcp open landesk-cba

40193/tcp open unknown

40911/tcp open unknown

41511/tcp open unknown

42510/tcp open unknown

44176/tcp open unknown

44442/tcp open coldfusion-auth

44443/tcp open coldfusion-auth

44501/tcp open unknown

45100/tcp open unknown

48080/tcp open unknown

49152/tcp open unknown

49153/tcp open unknown

49154/tcp open unknown

49155/tcp open unknown

49156/tcp open unknown

49157/tcp open unknown

49158/tcp open unknown

49159/tcp open unknown

49160/tcp open unknown

49161/tcp open unknown

49163/tcp open unknown

49165/tcp open unknown

49167/tcp open unknown

49175/tcp open unknown

49176/tcp open unknown

49400/tcp open compaqdiag

49999/tcp open unknown

50000/tcp open iiimsf

50001/tcp open unknown

50002/tcp open iiimsf

50003/tcp open unknown

50006/tcp open unknown

50300/tcp open unknown

50389/tcp open unknown

50500/tcp open unknown

50636/tcp open unknown

50800/tcp open unknown

51103/tcp open unknown

51493/tcp open unknown

52673/tcp open unknown

52822/tcp open unknown

52848/tcp open unknown

52869/tcp open unknown

54045/tcp open unknown

54328/tcp open unknown

55055/tcp open unknown

55056/tcp open unknown

55555/tcp open unknown

55600/tcp open unknown

56737/tcp open unknown

56738/tcp open unknown

57294/tcp open unknown

57797/tcp open unknown

58080/tcp open unknown

60020/tcp open unknown

60443/tcp open unknown

61532/tcp open unknown

61900/tcp open unknown

62078/tcp open iphone-sync

63331/tcp open unknown

64623/tcp open unknown

64680/tcp open unknown

65000/tcp open unknown

65129/tcp open unknown

65389/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 23.37 seconds

Простите за скролл, спойлера не нашёл.

Share this post


Link to post
Share on other sites

Приветствую!

А что на этом сервере крутится?

Просто штука в том, что обычно сервера взламывают через дыры в скриптах

Такое постоянно происходит

Share this post


Link to post
Share on other sites

1. Что за цмс и какие версии?

2. Поставьте фаер, в котором откроете только нужные порты как внутрь, так и наружу - по крайней мере, ваши боты не смогут к своему центру управления коннектиться.

3. В этом фаере запретите удп наружу для всех, кроме рута и 53 порта - решите проблему удп досов со своей машины.

4. Постоянно обновляйте цмски, дыры в них каждый день находят.

5. Поставьте rkhunter, а также регулярно проверяйте документ руты и директории, в кот. может писать юзер, от кот. скрипты работают, clam'ом. Он находит почти все ходовые шеллы и бекдоры.

И ещё - если юзаете для заливки контента фтп клиент на винде, то имейте ввиду, что ваш аццкий пароль оттуда запросто тырится всякой заразой, которой вы можете нахватать.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...