Hello everyone. I was looking at why my server was running hotter than usual, and found the following connection when I ran an "lsof | grep perl":

perl 32377 www-data 4u IPv4 299311 0t0 TCP server1.myserver.com:45820->42-73-46-200-ip.alianzaviva.net:81 (ESTABLISHED)

I saw three of these connections, and immediately after I killed them, the server load dropped significantly. Is there anything I need to look out for? What could they have been doing on my server connecting thru port 81? Please help!

sERGE
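The check from the post above, generalized as an added example that is not part of the original thread: it filters lsof output for established connections that a web-server account opened itself, as opposed to client connections it is serving. The account names, the served ports 80/443, and the helper names `flag_web_outbound` and `sample_lsof` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes lsof's default column layout
# (COMMAND PID USER ... NAME STATE) and a web server listening on 80/443.
# Live use: lsof -nP -iTCP -sTCP:ESTABLISHED | flag_web_outbound

WEB_USERS="www-data apache nginx"      # assumed web-server account names
SERVED_PORTS="80 443 http https"       # assumed listening ports of the web server

flag_web_outbound() {
    awk -v users="$WEB_USERS" -v served="$SERVED_PORTS" '
    BEGIN {
        n = split(users, u, " ");  for (i = 1; i <= n; i++) is_web[u[i]] = 1
        n = split(served, s, " "); for (i = 1; i <= n; i++) is_served[s[i]] = 1
    }
    # Only established TCP connections owned by a web-server account.
    $NF == "(ESTABLISHED)" && ($3 in is_web) {
        name = $(NF - 1)
        if (split(name, ends, "->") != 2) next
        lport = ends[1]; sub(/.*:/, "", lport)   # text after the last colon
        # Local port is one the server listens on: a client being served.
        if (lport in is_served) next
        # Otherwise the web account itself opened the connection.
        printf "%s pid=%s user=%s remote=%s\n", $1, $2, $3, ends[2]
    }'
}

# Sample input: the first line is the one quoted in the post, the rest are constructed.
sample_lsof() {
    cat <<'EOF'
perl 32377 www-data 4u IPv4 299311 0t0 TCP server1.myserver.com:45820->42-73-46-200-ip.alianzaviva.net:81 (ESTABLISHED)
apache2 1201 www-data 9u IPv4 300100 0t0 TCP 192.0.2.10:80->198.51.100.7:51344 (ESTABLISHED)
apache2 1202 www-data 10u IPv6 300101 0t0 TCP [2001:db8::10]:443->[2001:db8::77]:40222 (ESTABLISHED)
sshd 900 root 3u IPv4 200001 0t0 TCP 192.0.2.10:22->198.51.100.9:60000 (ESTABLISHED)
apache2 1200 www-data 4u IPv6 300000 0t0 TCP *:80 (LISTEN)
EOF
}

sample_lsof | flag_web_outbound
```

Legitimate outbound connections from the web account (a remote database, an upstream API) will also be listed, so the output is a review list to compare against known destinations.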
It's registered via Networksolutions in Panama:

Code:
Domain Name: ALIANZAVIVA.NET
Registry Domain ID:
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http//www.networksolutions.com/en_US/
Updated Date: 2013-04-13
Creation Date: 2001-07-23
Registrar Registration Expiration Date: 2014-07-23
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: 1-800-333-7680
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Alianza Viva
Registrant Organization: Alianza Viva
Registrant Street: Panama
Registrant City: No Valid City
Registrant State: No Valid State

You could send an Abuse Mail and complain about the attack.
Has anyone ever gotten any results from an abuse complaint? Seriously.

Anyway, sounds like the same thing I'm getting: PHP 5.x Remote Code Execution Exploit http://www.howtoforge.com/forums/showthread.php?t=63740
Networksolutions will not do anything! I once had a domain with them and changed after 2 months because of many problems incl. uncontrollable spam etc.! That was quite some years ago, and it seems nothing has changed with them! I read a few weeks ago about the same problems with them, and about them not replying to or answering any complaints. That said, I would never touch them again. I've had excellent experiences with NO-IP.com and namecheap.com. Both have excellent service and respond very fast as well.