1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Web Server and Port Scanning attacks

Discussion in 'Security' started by gohighvoltage, Dec 16, 2011.

  1. #1
    My VPS webserver has CSF & LFD installed. I love it. Oddly though, I get about 10-30 blocks every day notifying me of port scanning attacks from all over the world.
    SEMrush
    Is this normal? I never knew that so many hackers look for ways to break into websites!

    The above is only port scanning attempts, I also get a good bunch of blocks from wrong passwords into root.

    Crazy!
     
    gohighvoltage, Dec 16, 2011 IP
    SEMrush
  2. kokopelli

    kokopelli Peon

    Messages:
    2,436
    Likes Received:
    29
    Best Answers:
    0
    Trophy Points:
    0
    #2
    I also have CSF, the best firewall IMHO. Yes, if you have a busy server, you'll be amazed at the number of hacking etc. attempts a day. You can disable email notifications if they become too much.
     
    kokopelli, Dec 20, 2011 IP
  3. PISG

    PISG Member

    Messages:
    16
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    31
    #3
    Don't worry. This is normal. Only change ssh port and frequently change password if there is failed authentications. Also, disable unneeded ports.
     
    PISG, Dec 28, 2011 IP
  4. amigoserv.com

    amigoserv.com Peon

    Messages:
    35
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    he already installed CSF , so he should not worry about those post scanning and even BrufeForce attacks
     
    amigoserv.com, Jan 2, 2012 IP
  5. SolidShellSecurity

    SolidShellSecurity Banned

    Messages:
    262
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    45
    #5
    We get these type of attacks all the time, it just happens. You can disable notifications if they annoy you.
     
    SolidShellSecurity, Jan 10, 2012 IP
  6. HostingLynx

    HostingLynx Active Member

    Messages:
    106
    Likes Received:
    1
    Best Answers:
    1
    Trophy Points:
    83
    Articles:
    10
    #6
    Port scanning is quite commen. In most cases its footprinting to see if your server has any vulnerable services, but some people just "nmap"(port scanning tool) the internet for fun to see what is out there on the web.
     
    HostingLynx, Feb 7, 2012 IP
  7. thenetedge

    thenetedge Member

    Messages:
    23
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    36
    #7
    This is commons. Keep watch on the IPs from which country you are getting most attacks. You can block entire country if you don't have any client from attacking country. However, this is infeasible for 99% of the servers. Make sure to change password every 15 to 30 days. You can also configure sudo and have SSH key access.
     
    thenetedge, Feb 9, 2012 IP