mattclements, posted October 25, 2010

Hello all,

Our dedicated server was suspended for a short time today with the following security log (switch traffic) issues. I added a firewall rule to get this sorted for now; however, does anybody have any idea what this could be?

06:11:04.017603 IP x.x.x.x.52218 > y.y.y.y.110: UDP, length 15

?

Regards,
Matt

Pikachu2000, posted October 25, 2010

Not 100% certain, but it appears to be mail related. Is your mail server set up as an open relay, perchance? Do you have any contact forms that haven't been protected against email header injection?

divinequran, posted December 10, 2010

Hi, I am curious to know about the problem. Have you found what the issue is?

j.smith1981, posted October 12, 2011

It looks to me like someone's been trying to get into the POP3 service, as POP3 works on port 110. But it's on UDP (standing, of course, for User Datagram Protocol), a connectionless network protocol that is good for media streaming but rubbish for sending complete documents over any kind of network, as you would very often (if not all the time) get corrupted data on the receiving end (in this case being emails, of course).

Given that I have spent some time working on PHP sockets, I would say you would be wise to block all UDP traffic to port 110, but does anyone know if POP3 uses UDP? I am not 100% sure, as it could stop you receiving emails; I am not too sure. I mean, I have never looked out for POP3 using UDP, but I have never seen it being used on my router (from what I can remember, of course), which keeps track of all current states of my own network, which houses my own small server.

Hope this helps anyways,
Jeremy.

Pikachu2000, posted October 12, 2011

This thread is approaching a year old, in case you hadn't noticed.

j.smith1981, posted October 13, 2011

Yeah, I just thought I would tell anyone that has had the same problem, that's all.

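Added example (not part of any post in this thread): a short Python script that parses tcpdump lines in the format quoted in the first post and groups UDP packets aimed at ports whose services run over TCP (POP3 on port 110 is specified over TCP), split by direction relative to the server. The IP addresses, sample lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump one-line UDP format, as quoted in the first post of the thread.
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)"
)
# Services that run over TCP only; UDP to these ports is never legitimate mail.
TCP_ONLY_PORTS = {25: "smtp", 110: "pop3", 143: "imap"}

def parse_line(line):
    """Return src/dst/dport/length for a tcpdump UDP line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "length": int(m["len"])}

def udp_to_tcp_services(lines, local_ip):
    """Count UDP packets sent to TCP-only service ports, per flow."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in lines:
        pkt = parse_line(line)
        if pkt is None or pkt["dport"] not in TCP_ONLY_PORTS:
            continue
        if pkt["src"] == local_ip:
            direction = "outbound"   # this host is the sender
        elif pkt["dst"] == local_ip:
            direction = "inbound"    # this host is the target
        else:
            direction = "other"
        key = (direction, pkt["src"], pkt["dst"], pkt["dport"])
        flows[key]["packets"] += 1
        flows[key]["bytes"] += pkt["length"]
    return dict(flows)

# Constructed sample capture (documentation address ranges, not real hosts).
SAMPLE = """\
06:11:04.017603 IP 192.0.2.10.52218 > 198.51.100.7.110: UDP, length 15
06:11:04.017655 IP 192.0.2.10.52218 > 198.51.100.7.110: UDP, length 15
06:11:04.018012 IP 192.0.2.10.40112 > 198.51.100.7.40000: UDP, length 40
06:11:04.019400 IP 203.0.113.5.33001 > 192.0.2.10.110: UDP, length 15
06:11:05.000100 IP 203.0.113.5.51000 > 192.0.2.10.110: Flags [S], seq 1000, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    for key, stats in sorted(udp_to_tcp_services(SAMPLE, "192.0.2.10").items()):
        print(key, stats)
```

The TCP SYN to port 110 in the sample is ignored because it is normal POP3 traffic; only the UDP packets to that port are reported.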