Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 25 Feb 2006 15:45:49 -0500
From:      "fbsd_user" <fbsd_user@a1poweruser.com>
To:        "The Happy" <dead_line@hotmail.com>, <freebsd-questions@freebsd.org>
Subject:   RE: Is it hack? How to prevent!
Message-ID:  <MIEPLLIBMLEEABPDBIEGIEMAHCAA.fbsd_user@a1poweruser.com>
In-Reply-To: <BAY20-F1AB7FAA65EB0C24FE40989AF00@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help 
What this means is you have no firewall blocking
the port numbers those services use.

Or you really do have mysql, and SSH installed and people are
trying to remotely login and your box is doing its job of
denying the unauthorized login attempt.

But my money is on the firewall.
You have none or it's rules are not correct.

Read the firewall section of the FreeBSD handbook and
use the ipfilter example rule set.

As an after though, 4.8 is an unsupported system
and 6.0 is the current production version.
Time to upgrade by installing from scratch 6.0.

Give the Install Guide at www.a1poweruser.com a look.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of The Happy
Sent: Saturday, February 25, 2006 10:46 AM
To: freebsd-questions@freebsd.org
Subject: Is it hack? How to prevent!


Hello everyone,

    I'm on freebsd 4.8R acting as a webserver and email server, I keep
getting
    In my /var/log/messages a strange 3 type of messages,

1)
   mysqld[8541]: error: /etc/hosts.allow, line 212: twist option in
resident
process
   last message repeated 73 times

2)
  inetd[50977]: warning: /etc/hosts.allow, line 25: host name/address
mismatch: 208.34.235.251 !=
  mail.nrms.org

3)
  sshd[40712]: warning: /etc/hosts.allow, line 25: can't verify
hostname:
getaddrinfo(na-163-
  219.na.avantel.net.mx, AF_INET) failed
  (I keep getting differnt host everytime)

  about messages 2 and 3 i think its some hacks attempts How i can
preven
this type of
  access? unmatched IPs?

  what about messages number 1? what doest mean is it hack attempt?

  My logs are full of these messages, please help
  Note line 25 in /etc/hosts.allow is ALL : .temma.net : deny and has
nothing to do with these logs
  its just the first rule in the file.

  Thank you in advance.

  Marwan

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's
FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGIEMAHCAA.fbsd_user>