dr5y51em, posted February 10, 2012

Guys, help me out, I'm not very strong at this level of administration. Background: we rented a machine from the Germans at HETZNER and installed VDS ISP Manager on it, which pulled in the software it needed by itself (KVM, Apache, etc.). The passwords are all fairly complex; root's is a full 32 characters (à la md5). In the end I got an email reading roughly as follows:

Quote:
Dear Sir or Madam
We regret to inform you that your server with the IP address mentioned in the above subject line has carried out scans on other internet servers. As a result this has placed a considerable strain on network resources and consequently a segment of our network has been very adversely affected. Your server has therefore been deactivated as a precautionary measure. A corresponding traffic protocol is attached for your information.

with this log attached

Quote:
# Netscan detected from host 213.239.193.168 #

from which it is clear that the server is scanning the provider's internal network. Access to the server is currently open only for my IP.

Quote:
netstat -apn|grep tcp
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1558/kvm
tcp 0 0 0.0.0.0:5902 0.0.0.0:* LISTEN 1584/kvm
tcp 0 0 213.239.193.168:80 0.0.0.0:* LISTEN 1509/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1520/sshd
tcp 0 0 213.239.193.168:22 46.149.225.56:36574 ESTABLISHED 1526/sshd: root@not
tcp 0 52 213.239.193.168:22 46.149.225.56:39544 ESTABLISHED 1674/0
tcp6 0 0 :::8080 :::* LISTEN 1368/apache2
tcp6 0 0 :::22 :::* LISTEN 1520/sshd
tcp6 0 0 :::443 :::* LISTEN 1368/apache2

here is the scan of open ports

Quote:
Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-10 23:40 NOVT
Interesting ports on static.213-239-193-168.clients.your-server.de (213.239.193.168):
Nmap done: 1 IP address (1 host up) scanned in 23.37 seconds

Sorry for the scroll, I couldn't find a spoiler tag.

Firebird, posted February 10, 2012

Greetings! What is running on this server? The thing is, servers are usually broken into through holes in scripts. This happens all the time.

AccessD, posted February 11, 2012

1. Which CMS, and which versions?
2. Install a firewall in which you open only the ports you need, both inbound and outbound; at the very least, your bots won't be able to connect to their command center.
3. In that firewall, block outbound UDP for everyone except root and port 53; that solves the problem of UDP DoS attacks from your machine.
4. Keep your CMSes updated constantly; holes are found in them every day.
5. Install rkhunter, and also regularly scan the document roots and the directories writable by the user the scripts run as with clam. It finds almost all the common shells and backdoors.

And one more thing: if you use an FTP client on Windows to upload content, keep in mind that your hellish password can easily be stolen from there by any malware you might pick up.
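
Points 2 and 3 of the reply above written out as an iptables ruleset; this is an added example, not something posted in the thread. The admin address 203.0.113.10 and both port lists are placeholder assumptions, the rules cover IPv4 only (the host also listens on tcp6, so ip6tables needs an equivalent policy), and FORWARD is left open on the assumption that KVM guest traffic is handled separately.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset to stdout. It does not
# touch the running firewall. Addresses and port lists are assumptions.

# valid_ipv4 ADDR -> 0 if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    vi_ifs=$IFS; IFS=.
    set -- $1
    IFS=$vi_ifs
    [ $# -eq 4 ] || return 1
    for vi_o in "$@"; do
        [ ${#vi_o} -le 3 ] && [ "$vi_o" -le 255 ] || return 1
    done
    return 0
}

# valid_ports LIST -> 0 if LIST is 1..15 comma-separated ports (1..65535).
# 15 is the most the multiport match accepts in one rule.
valid_ports() {
    case $1 in
        ''|*[!0-9,]*) return 1 ;;
    esac
    vp_n=0; vp_bad=0
    vp_ifs=$IFS; IFS=,
    for vp_p in $1; do
        vp_n=$((vp_n + 1))
        case $vp_p in
            ''|0*|??????*) vp_bad=1; break ;;
        esac
        if [ "$vp_p" -gt 65535 ]; then vp_bad=1; break; fi
    done
    IFS=$vp_ifs
    [ "$vp_bad" -eq 0 ] && [ "$vp_n" -ge 1 ] && [ "$vp_n" -le 15 ]
}

# gen_ruleset ADMIN_IP INBOUND_TCP OUTBOUND_TCP
#   ADMIN_IP      only address allowed to open new SSH sessions
#   INBOUND_TCP   public services, e.g. 80,443
#   OUTBOUND_TCP  ports the host itself may connect to, e.g. 80,443
gen_ruleset() {
    gr_admin=$1; gr_in=$2; gr_out=$3
    valid_ipv4 "$gr_admin" || { echo "bad admin IP" >&2; return 1; }
    valid_ports "$gr_in"   || { echo "bad inbound port list" >&2; return 1; }
    valid_ports "$gr_out"  || { echo "bad outbound port list" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
# FORWARD stays open so bridged KVM guests are not cut off (assumption).
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $gr_admin --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dports $gr_in -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Point 3: outbound UDP only for DNS and for processes running as root.
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
# Point 2: new outbound TCP only to the listed ports. Port 22 is not in
# the list, so a scan like the one in the abuse report hits the OUTPUT
# DROP policy.
-A OUTPUT -p tcp -m multiport --dports $gr_out -m conntrack --ctstate NEW -j ACCEPT
# Log what is about to be dropped, with the UID of the sending process.
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "egress-drop: " --log-uid
COMMIT
EOF
}

# Stand-alone run with the placeholder values.
gen_ruleset 203.0.113.10 80,443 80,443
```

Review the output, then load it with `iptables-restore` from a console session rather than over SSH, since a wrong admin address locks remote access out. The `egress-drop:` log lines carry the UID of the process whose traffic was refused, which narrows down which account is running the scanner.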