Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Port scanning help
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Port scanning help

BuyAdsBuyAds Member
edited May 2015 in Help

Hello guys.

I got an abuse from hetzner that someone from my cPanel server (ssh access disabled for users) is scanning ports. Is there a option in centos/WHM to check who the hell he was?

Thank you guys!

edit: CSF is installed and configured and nothing got reported.

Comments

  • Check some logz

  • BuyAdsBuyAds Member

    @joodle said:
    Check some logz

    Hey joodle. What kind of logs Sir?

  • BlazeMuisBlazeMuis Member
    edited May 2015

    @BuyAds said:
    Hey joodle. What kind of logs Sir?

    System logs?

    Just take a peek in /var/logs

    Thanked by 1BuyAds
  • BuyAdsBuyAds Member

    Thank you @joodle

    What should I look for? Should be something with scanning?

  • IshaqIshaq Member

    Direct SSH access is not required to port scan, some PHP modules like exec can do this.

    Thanked by 1BuyAds
  • BuyAdsBuyAds Member

    @Ishaq said:
    Direct SSH access is not required to port scan, some PHP modules like exec can do this.

    Thank you Sir. If I disable exec can this be stopped? Anyway, in what log file should I look and what should I look. Thank you

  • getvpsgetvps Member

    @BuyAds: at begin check ps/netstat to see if is still alive the 'attacker', may generate this scans some apps (maybe), if you cant see nothing suspicious here, check system logs/httpd logs, if still nothing try to scan your system with rkhunter and maybe check .php files for some backdoors

Sign In or Register to comment.