Results 1 to 4 of 4
Thread: lfd with 400 connections!!
-
06-18-2018, 06:47 AM #1WHT Addict
- Join Date
- May 2016
- Posts
- 114
lfd with 400 connections!!
Hello,
I receive the below message from my csf firewall that says:
Code:lfd on VPS: 89.43.xxx.xxx (TR/Turkey) blocked with too many connections Connections: 400 Blocked: Temporary Block for 1800 seconds [CT_LIMIT] Connections: tcp: 89.43.xxx.xxx:38004 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:48414 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:55198 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:35606 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:51748 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:49874 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:43686 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:52308 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:58596 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:36102 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:35840 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:44042 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:54974 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:41036 -> MyServerIP:80 (TIME_WAIT) tcp: 89.43.xxx.xxx:54788 -> MyServerIP:80 (TIME_WAIT) ........
The 89.43.xxx.xxx is one IP that seems connect to my server...
Please can anyone explain what exactly that is?
I mean the IP 89.43.xxx.xxx make too many connections to MyServerIP port 80 OR from my server IP I make those connections??
The symbol -> What mean?
Please can anyone explain the above connections?
Thank you!
-
06-18-2018, 07:03 AM #2~~~~
- Join Date
- May 2008
- Posts
- 3,424
Looks pretty straight forward... the IP address 89.43.xxx.xxx had made 400 connections to your HTTP server (on port 80).
As to what it is, or what is it trying to accomplish, that's anyone's guess: could be a crawler, a bot, a malicious script trying to find exploits in your website, etc... it's really not that uncommon. Once your website is public you can expect such things to happen.Uptime Monitor - Minimize your downtime by being the first to know about it!
Blacklist Monitor - Are any of your IPs or Domains blacklisted? Find out before it gets to affect you or your clients.
-
06-18-2018, 07:13 AM #3WHT Addict
- Join Date
- May 2016
- Posts
- 114
Thank you so much for your answer!!
I was a bit confuse because very often I see the below:
Code:/usr/local/cpanel/3rdparty/perl/526/bin/perl Command Line (often faked in exploits): spamd child Network connections by the process (if any): tcp: 127.0.0.1:783 -> 127.0.0.1:34916 udp: MyServerIP:47963 -> 8.8.8.8:53
Now when I sow the 400 connections I say the 89.43.xxx.xxx had access to the server and make outgoing connections IP to where to MyServerIP?
Thank you again for your answer!
-
06-18-2018, 12:48 PM #4Knowledge is all
- Join Date
- Jul 2005
- Location
- here, there, where?
- Posts
- 4,102
127.0.0.1 is the loop back address for the network card, normal to see it. The other is a connection to google's dns services, again normal.
-Steven | Cooini, LLC
"It is the mark of an educated mind to be able to entertain a thought without accepting it" -Aristotle
Similar Threads
-
Can anyone recommend a good host with speedy connections to Japan and Hawaii?
By LaZogNa in forum Web HostingReplies: 2Last Post: 05-15-2003, 08:53 PM -
Dell PowerEdge 600SC with 400 gigs for $119
By Jeffbg123 in forum Dedicated Hosting OffersReplies: 4Last Post: 05-07-2003, 12:54 PM -
Free shell with IRC connections allowed?
By avara in forum Web Hosting LoungeReplies: 5Last Post: 03-26-2002, 09:59 PM