Thread: Abuse issue
01-23-2008, 10:25 AM #1 Web Hosting Master (Join Date: Jan 2004; Location: <<Canada>>; Posts: 736)
Abuse issue
I got abuse issue tickets from FDC today. I installed a new OS a few days ago and only have 2 websites; I know they would not send out any spam email or anything.
Due to the below email, there is an abuse issue with your server. You have 24hrs
to respond on how you will correct this issue before we null route the ip.
Further complaints, without action may result in deactivation of your server.
Thanks for your cooperation.
--begin disclaimer
You are receiving this message because you are listed as contact of
one of the networks or domains involved in this incident. If you are
not the correct contact please ignore this message.
--end
Dear Mr,
Please investigate the incident described in the following partial log,
giving it the treatment your AUP permits, and reporting the measures to all
recipients of this message.
In case of unacceptable treatment or recurrence, restrictive measures will
be taken to protect the .BR registry.
Info---------------------------------------------------------------------
Timezone: GMT -2:00
The port in question was 10000 - registered in IANA[2] for: Network Data
Management Protocol
The e-mail contact was obtained from the following query:
whois -h whois.lacnic.net 66.90.101.xxx
Whois-----------------------------------------------------------------------
% Joint Whois - whois.lacnic.net
% This server accepts single ASN, IPv4 or IPv6 queries
OrgName: FDC Servers.net, LLC
OrgID: FDCSE
Address: 141 West Jackson Blvd, Suite 1135
City: Chicago
StateProv: IL
PostalCode: 60604
Country: US
NetRange: 66.90.64.0 - 66.90.127.255
CIDR: 66.90.64.0/18
NetName: FDCSERVERS
NetHandle: NET-66-90-64-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
Comment:
RegDate: 2003-08-18
Updated: 2004-02-26
OrgAbuseHandle: ABUSE438-ARIN
OrgAbuseName: ABUSE department
OrgAbusePhone: +1-312-913-9304
OrgAbuseEmail: abuse@fdcservers.net
OrgNOCHandle: NOC1402-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-312-913-9304
OrgNOCEmail: abuse@fdcservers.net
OrgTechHandle: PKR5-ARIN
OrgTechName: Kral, Petr
OrgTechPhone: +1-630-729-0228
OrgTechEmail: abuse@fdcservers.net
# ARIN WHOIS database, last updated 2008-01-22 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Logs-----------------------------------------------------------------------
Jan 22 11:51:08.961984 66.90.101.xxx.59733 > xxx.xxx.2.8.10000: S [tcp sum
ok] 1684154077:1684154077(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 47077, len 48)
Jan 22 11:51:08.962002 66.90.101.xxx.59733 > xxx.xxx.2.15.10000: S [tcp sum
ok] 2112584473:2112584473(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
116, id 54111, len 48)
Jan 22 11:51:08.962018 66.90.101.xxx.59733 > xxx.xxx.2.11.10000: S [tcp sum
ok] 784051742:784051742(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 34960, len 48)
Jan 22 11:51:08.962043 66.90.101.xxx.59733 > xxx.xxx.2.16.10000: S [tcp sum
ok] 188686613:188686613(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 8194, len 48)
Jan 22 11:51:08.962057 66.90.101.xxx.59733 > xxx.xxx.2.10.10000: S [tcp sum
ok] 1829533742:1829533742(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 26158, len 48)
Jan 22 11:51:08.962080 66.90.101.xxx.59733 > xxx.xxx.2.12.10000: S [tcp sum
ok] 1559560773:1559560773(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
116, id 4558, len 48)
Jan 22 11:51:08.962093 66.90.101.xxx.59733 > xxx.xxx.2.9.10000: S [tcp sum
ok] 60930635:60930635(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117, id
551, len 48)
Jan 22 11:51:08.965238 66.90.101.xxx.59733 > xxx.xxx.2.3.10000: S [tcp sum
ok] 1935758257:1935758257(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
116, id 30880, len 48)
Jan 22 11:51:08.965255 66.90.101.xxx.59733 > xxx.xxx.2.6.10000: S [tcp sum
ok] 320818338:320818338(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
id 64458, len 48)
Jan 22 11:51:08.965269 66.90.101.xxx.59733 > xxx.xxx.2.5.10000: S [tcp sum
ok] 1008076437:1008076437(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
116, id 61696, len 48)
Jan 22 11:51:08.965358 66.90.101.xxx.59733 > xxx.xxx.2.7.10000: S [tcp sum
ok] 1245430327:1245430327(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 36480, len 48)
Jan 22 11:51:08.965457 66.90.101.xxx.59733 > xxx.xxx.2.4.10000: S [tcp sum
ok] 793274186:793274186(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 61857, len 48)
Jan 22 11:51:09.021874 66.90.101.xxx.59733 > xxx.xxx.3.3.10000: S [tcp sum
ok] 1996503177:1996503177(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 52385, len 48)
Jan 22 11:51:09.021889 66.90.101.xxx.59733 > xxx.xxx.3.2.10000: S [tcp sum
ok] 889471784:889471784(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 47750, len 48)
Jan 22 11:51:09.021901 66.90.101.xxx.59733 > xxx.xxx.3.10.10000: S [tcp sum
ok] 1172132754:1172132754(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
116, id 4789, len 48)
Jan 22 11:51:09.021913 66.90.101.xxx.59733 > xxx.xxx.3.6.10000: S [tcp sum
ok] 996827291:996827291(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 35755, len 48)
Jan 22 11:51:09.021977 66.90.101.xxx.59733 > xxx.xxx.3.7.10000: S [tcp sum
ok] 2042869772:2042869772(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 40982, len 48)
Jan 22 11:51:09.021997 66.90.101.xxx.59733 > xxx.xxx.3.15.10000: S [tcp sum
ok] 634319381:634319381(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 30669, len 48)
Jan 22 11:51:09.022027 66.90.101.xxx.59733 > xxx.xxx.3.11.10000: S [tcp sum
ok] 2131637759:2131637759(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 27812, len 48)
Jan 22 11:51:09.022039 66.90.101.xxx.59733 > xxx.xxx.3.14.10000: S [tcp sum
ok] 1309555074:1309555074(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 10431, len 48)
Jan 22 11:51:09.022142 66.90.101.xxx.59733 > xxx.xxx.3.25.10000: S [tcp sum
ok] 989958199:989958199(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
id 45799, len 48)
Jan 22 11:51:09.022191 66.90.101.xxx.59733 > xxx.xxx.3.24.10000: S [tcp sum
ok] 101883680:101883680(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 49362, len 48)
Jan 22 11:51:09.022257 66.90.101.xxx.59733 > xxx.xxx.3.26.10000: S [tcp sum
ok] 210025634:210025634(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
id 59831, len 48)
Jan 22 11:51:09.022311 66.90.101.xxx.59733 > xxx.xxx.3.27.10000: S [tcp sum
ok] 1944286393:1944286393(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 32133, len 48)
Jan 22 11:51:09.022354 66.90.101.xxx.59733 > xxx.xxx.3.29.10000: S [tcp sum
ok] 528531788:528531788(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 60511, len 48)
Jan 22 11:51:09.022366 66.90.101.xxx.59733 > xxx.xxx.3.30.10000: S [tcp sum
ok] 1256955455:1256955455(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 46928, len 48)
Jan 22 11:51:09.022454 66.90.101.xxx.59733 > xxx.xxx.3.28.10000: S [tcp sum
ok] 917687525:917687525(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 11226, len 48)
Jan 22 11:51:09.022466 66.90.101.xxx.59733 > xxx.xxx.3.31.10000: S [tcp sum
ok] 740855272:740855272(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 46629, len 48)
Jan 22 11:51:09.025217 66.90.101.xxx.59733 > xxx.xxx.3.0.10000: S [tcp sum
ok] 1932864041:1932864041(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 10616, len 48)
Jan 22 11:51:09.025331 66.90.101.xxx.59733 > xxx.xxx.3.9.10000: S [tcp sum
ok] 166285570:166285570(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
id 59532, len 48)
Jan 22 11:51:09.025368 66.90.101.xxx.59733 > xxx.xxx.3.1.10000: S [tcp sum
ok] 945510895:945510895(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 16635, len 48)
Jan 22 11:51:09.025381 66.90.101.xxx.59733 > xxx.xxx.3.12.10000: S [tcp sum
ok] 1458343556:1458343556(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
116, id 45004, len 48)
Jan 22 11:51:09.025401 66.90.101.xxx.59733 > xxx.xxx.3.5.10000: S [tcp sum
ok] 1553092366:1553092366(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 15188, len 48)
Jan 22 11:51:09.025413 66.90.101.xxx.59733 > xxx.xxx.3.16.10000: S [tcp sum
ok] 1619343055:1619343055(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
116, id 55400, len 48)
Jan 22 11:51:09.025477 66.90.101.xxx.59733 > xxx.xxx.3.4.10000: S [tcp sum
ok] 721764457:721764457(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 62736, len 48)
Jan 22 11:51:09.025515 66.90.101.xxx.59733 > xxx.xxx.3.8.10000: S [tcp sum
ok] 626624473:626624473(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 39994, len 48)
Jan 22 11:51:09.025529 66.90.101.xxx.59733 > xxx.xxx.3.19.10000: S [tcp sum
ok] 83345541:83345541(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116, id
26960, len 48)
Jan 22 11:51:09.025549 66.90.101.xxx.59733 > xxx.xxx.3.20.10000: S [tcp sum
ok] 486329073:486329073(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
id 48354, len 48)
Jan 22 11:51:09.025570 66.90.101.xxx.59733 > xxx.xxx.3.21.10000: S [tcp sum
ok] 152174292:152174292(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
id 62177, len 48)
Jan 22 11:51:09.025582 66.90.101.xxx.59733 > xxx.xxx.3.17.10000: S [tcp sum
ok] 420713422:420713422(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117,
id 36980, len 48)
Jan 22 11:51:09.025594 66.90.101.xxx.59733 > xxx.xxx.3.13.10000: S [tcp sum
ok] 2056062441:2056062441(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 59477, len 48)
Jan 22 11:51:09.025606 66.90.101.xxx.59733 > xxx.xxx.3.22.10000: S [tcp sum
ok] 1508406195:1508406195(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
116, id 33126, len 48)
Jan 22 11:51:09.025627 66.90.101.xxx.59733 > xxx.xxx.3.23.10000: S [tcp sum
ok] 571253529:571253529(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
id 34639, len 48)
Jan 22 11:51:09.025826 66.90.101.xxx.59733 > xxx.xxx.3.32.10000: S [tcp sum
ok] 2073225781:2073225781(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
116, id 10712, len 48)
Jan 22 11:51:09.025967 66.90.101.xxx.59733 > xxx.xxx.3.33.10000: S [tcp sum
ok] 1848571470:1848571470(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 52465, len 48)
Jan 22 11:51:09.033609 66.90.101.xxx.59733 > xxx.xxx.3.38.10000: S [tcp sum
ok] 969738274:969738274(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116,
id 64137, len 48)
Jan 22 11:51:09.033622 66.90.101.xxx.59733 > xxx.xxx.3.35.10000: S [tcp sum
ok] 1291978731:1291978731(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 64584, len 48)
Jan 22 11:51:09.033698 66.90.101.xxx.59733 > xxx.xxx.3.34.10000: S [tcp sum
ok] 2063395517:2063395517(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 27665, len 48)
Jan 22 11:51:09.033771 66.90.101.xxx.59733 > xxx.xxx.3.39.10000: S [tcp sum
ok] 1578638919:1578638919(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 48086, len 48)
Jan 22 11:51:09.033783 66.90.101.238.59733 > xxx.xxx.3.42.10000: S [tcp sum
ok] 1090390350:1090390350(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
117, id 53810, len 48)
...262 lines
References
----------------------------------------------------------------------------
[1] www.iana.org/assignments/port-numbers
Regards,
<<< Please see Forum Guidelines for signature setup. >>>
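Added example, not part of the original post: one way to triage a complaint log in the format quoted above, by re-joining the wrapped tcpdump records and summarising, per source address, how many packets went to how many distinct hosts and ports. The sample lines, the `MIN_FANOUT` threshold and the shape labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the complaint's format (wrapped lines, "xxx" octets).
SAMPLE = """\
Jan 22 11:51:08.100000 192.0.2.xxx.40000 > xxx.xxx.7.1.10000: S [tcp sum
ok] 100:100(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117, id 1, len 48)
Jan 22 11:51:08.100400 192.0.2.xxx.40000 > xxx.xxx.7.2.10000: S [tcp sum
ok] 200:200(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117, id 2, len 48)
Jan 22 11:51:08.101000 192.0.2.xxx.40000 > xxx.xxx.7.3.10000: S 300:300(0) win 65535
Jan 22 11:51:09.000000 198.51.100.7.40001 > xxx.xxx.9.9.80: S 1:1(0) win 512
Jan 22 11:51:09.500000 198.51.100.7.40002 > xxx.xxx.9.9.80: S 2:2(0) win 512
"""
STAMP = r"[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d\.\d+"
REC = re.compile(r"(%s) (\S+)\.(\d+) > (\S+)\.(\d+): (\S+) " % STAMP)
MIN_FANOUT = 3  # assumed threshold for "many" distinct hosts or ports

def records(text):
    """Yield (stamp, src, sport, dst, dport, flags), re-joining wrapped lines."""
    for chunk in re.split(r"\n(?=%s )" % STAMP, text):
        m = REC.search(" ".join(chunk.split()))
        if m:
            yield m.groups()

def seconds(stamp):
    h, m, s = stamp.split()[-1].split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def shape(hosts, ports):
    if hosts >= MIN_FANOUT and ports == 1:
        return "one port, many hosts"
    if hosts == 1 and ports >= MIN_FANOUT:
        return "one host, many ports"
    return "one host, one port" if hosts == ports == 1 else "mixed"

def summarize(text):
    """Per source address: packet count, destination fan-out, duration, shape."""
    acc = defaultdict(lambda: {"t": [], "hosts": set(), "ports": set(), "flags": set()})
    for stamp, src, _sport, dst, dport, flags in records(text):
        a = acc[src]
        a["t"].append(seconds(stamp))
        a["hosts"].add(dst)
        a["ports"].add(int(dport))
        a["flags"].add(flags)
    return {src: {"packets": len(a["t"]), "hosts": len(a["hosts"]),
                  "ports": sorted(a["ports"]), "syn_only": a["flags"] == {"S"},
                  "span_s": round(max(a["t"]) - min(a["t"]), 6),
                  "shape": shape(len(a["hosts"]), len(a["ports"]))}
            for src, a in acc.items()}
```

Because the complaint redacts the last source octet, every source sharing the visible prefix is counted under one key.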
01-23-2008, 12:20 PM #2 Newbie (Join Date: Sep 2006; Location: New York; Posts: 26)
01-23-2008, 02:50 PM #3 Web Hosting Master (Join Date: Jan 2004; Location: <<Canada>>; Posts: 736)
I just host 2 forums and one image site.
01-23-2008, 03:29 PM #4 Newbie (Join Date: Sep 2006; Location: New York; Posts: 26)
01-23-2008, 03:38 PM #5 Web Hosting Master (Join Date: Mar 2003; Location: Canada; Posts: 9,072)
I'll get to the point: your server appears to be flooding another server with TCP packets on port 10000. Why? Most likely as an attempt to launch a Denial of Service attack and disrupt access to the other server.
Instead of just guessing as to whether you have been compromised, or if someone is using your server maliciously (without root access) to launch this apparent attack, hire a server management company that specializes in security who can thoroughly investigate the complaint and properly secure your server.
RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca
www.HostingSecList.com - Security Notices for the Hosting Community.
01-23-2008, 03:55 PM #6 Web Hosting Master (Join Date: Jan 2003; Location: U.S.A.; Posts: 3,928)
I am guessing that most likely you're on a reseller account and a client of yours is DoSing another server.
01-23-2008, 08:07 PM #7 Web Hosting Master (Join Date: Jan 2004; Location: <<Canada>>; Posts: 736)
I have hired platinumservermanagement to do the cleanup job; I hope they will do a nice job.
I no longer host any clients; this is a server for our 2 websites, and it is a dedicated server.