04-11-2011, 01:47 PM #1 Junior Guru Wannabe (Join Date: Sep 2005, Posts: 93)
Server Disabled Due to Port Scanning
My server was disabled by an ISP because, according to them, my IP carried out scans of other internet servers. I have a firewall set up using the virtual server default in Webmin.
What else do I need to harden? What processes could be doing the scanning that I can terminate?
This is what my iptables looked like right before it was banned:
Code:
# Generated by iptables-save v1.3.5 on Sun Apr 10 14:37:17 2011
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Accept traffic from internal interfaces
-A INPUT ! -i eth1 -j ACCEPT
# Accept traffic with the ACK flag set
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
# Allow incoming data that is part of a connection we established
-A INPUT -m state --state ESTABLISHED -j ACCEPT
# Allow data that is related to existing connections
-A INPUT -m state --state RELATED -j ACCEPT
# Accept responses to DNS queries
-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
# Accept responses to our pings
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
# Accept notifications of unreachable hosts
-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
# Accept notifications to reduce sending speed
-A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
# Accept notifications of lost packets
-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
# Accept notifications of protocol problems
-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
# Allow connections to our SSH server
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Allow connections to our IDENT server
-A INPUT -p tcp -m tcp --dport auth -j ACCEPT
# Respond to pings
-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
# Allow DNS zone transfers
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
# Allow DNS queries
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
# Allow connections to webserver
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Allow SSL connections to webserver
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Allow connections to mail server
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 25,587
# Allow connections to FTP server
-A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
# Allow connections to POP3 server
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 110,995
# Allow connections to IMAP server
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 143,220,993
# Allow connections to Webmin
-A INPUT -p tcp -m tcp --dport 10000:10010 -j ACCEPT
# Allow connections to Usermin
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
COMMIT
# Completed on Sun Apr 10 14:37:17 2011
# Generated by iptables-save v1.3.5 on Sun Apr 10 14:37:17 2011
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sun Apr 10 14:37:17 2011
# Generated by iptables-save v1.3.5 on Sun Apr 10 14:37:17 2011
04-12-2011, 04:23 AM #2 Junior Guru Wannabe (Join Date: Sep 2010, Posts: 85)
Hello,
I think your server may be infected. I would suggest you ask your hosting provider to investigate it, as it may not be your fault, and ask them to scan the server with ClamAV antivirus.
http://www.clamav.net/lang/en/
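Added example, not part of the thread: one way to approach the question in post #1 of which process is doing the scanning is to look for processes holding half-open outbound connections (SYN_SENT) to many distinct remote hosts in `netstat -tanp` output. The function names, the threshold and the sample listing (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# find_scanners MIN_HOSTS < `netstat -tanp` output
# Prints "PID/program syn_sent=<n> hosts=<m>" for each process that has
# SYN_SENT connections to at least MIN_HOSTS distinct remote addresses.
# On a live host, run as root so the PID/Program column is populated:
#   netstat -tanp | find_scanners 20
find_scanners() {
    awk -v min="${1:-5}" '
        $1 ~ /^tcp/ && $6 == "SYN_SENT" {
            remote = $5
            sub(/:[0-9]+$/, "", remote)     # drop the port, keep the address
            proc = $7                       # e.g. "4711/perl"
            syn[proc]++
            if (!((proc, remote) in seen)) {
                seen[proc, remote] = 1
                hosts[proc]++
            }
        }
        END {
            for (p in syn)
                if (hosts[p] >= min)
                    printf "%s syn_sent=%d hosts=%d\n", p, syn[p], hosts[p]
        }' | sort
}

# Constructed sample: a perl process probing port 22 on six hosts, next to
# normal sshd, httpd and outbound mail (smtp) traffic.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address       Foreign Address      State       PID/Program name
tcp        0      0 0.0.0.0:22          0.0.0.0:*            LISTEN      812/sshd
tcp        0      0 192.0.2.10:22       198.51.100.7:51514   ESTABLISHED 2201/sshd
tcp        0      0 192.0.2.10:80       198.51.100.9:40022   ESTABLISHED 1530/httpd
tcp        0      1 192.0.2.10:39001    198.51.100.25:25     SYN_SENT    5120/smtp
tcp        0      1 192.0.2.10:41001    203.0.113.1:22       SYN_SENT    4711/perl
tcp        0      1 192.0.2.10:41002    203.0.113.2:22       SYN_SENT    4711/perl
tcp        0      1 192.0.2.10:41003    203.0.113.3:22       SYN_SENT    4711/perl
tcp        0      1 192.0.2.10:41004    203.0.113.4:22       SYN_SENT    4711/perl
tcp        0      1 192.0.2.10:41005    203.0.113.5:22       SYN_SENT    4711/perl
tcp        0      1 192.0.2.10:41006    203.0.113.6:22       SYN_SENT    4711/perl
tcp        0      1 192.0.2.10:41007    203.0.113.6:23       SYN_SENT    4711/perl
EOF
}

sample_netstat | find_scanners 5
```

A flagged PID can then be inspected through `/proc/<pid>/exe` and `/proc/<pid>/cwd` before it is killed, so the binary and its working directory are known for the clean-up.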