Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
Port scanning help
New on LowEndTalk? Please Register and read our Community Rules.

Port scanning help

BuyAdsBuyAds Member
edited May 2015 in Help

Hello guys.

I got an abuse from hetzner that someone from my cPanel server (ssh access disabled for users) is scanning ports. Is there a option in centos/WHM to check who the hell he was?

Thank you guys!

edit: CSF is installed and configured and nothing got reported.

Buy Site Ads - Advertising Platform

Comments

  • Check some logz

  • BuyAdsBuyAds Member

    @joodle said:
    Check some logz

    Hey joodle. What kind of logs Sir?

    Buy Site Ads - Advertising Platform

  • BlazeMuisBlazeMuis Member
    edited May 2015

    @BuyAds said:
    Hey joodle. What kind of logs Sir?

    System logs?

    Just take a peek in /var/logs

    Thanked by 1BuyAds
  • BuyAdsBuyAds Member

    Thank you @joodle

    What should I look for? Should be something with scanning?

    Buy Site Ads - Advertising Platform

  • IshaqIshaq Member, Provider

    Direct SSH access is not required to port scan, some PHP modules like exec can do this.

    Thanked by 1BuyAds
    [BudgetNode] DDoS Protected. 7 Locations (US/EU). Check out our latest offer!
  • BuyAdsBuyAds Member

    @Ishaq said:
    Direct SSH access is not required to port scan, some PHP modules like exec can do this.

    Thank you Sir. If I disable exec can this be stopped? Anyway, in what log file should I look and what should I look. Thank you

    Buy Site Ads - Advertising Platform

  • getvpsgetvps Member

    @BuyAds: at begin check ps/netstat to see if is still alive the 'attacker', may generate this scans some apps (maybe), if you cant see nothing suspicious here, check system logs/httpd logs, if still nothing try to scan your system with rkhunter and maybe check .php files for some backdoors

Sign In or Register to comment.