How to do if my server brute force attack to another server

maiijarb · Jul 31, 2012

Hello,

I get notice from NOC

" my FTP site registered many failed FTP login attempts from an IP address belonging to you: 1.2.3.4 "

1.2.3.4 is my server ip

How to check which point is cause of problem

Thank you.

scsi · Jul 31, 2012

So they are saying they are getting brute force attempts from your server to another server? Depending on how it happened it might be hard to track down. You could go through logs in /var/log but I doubt it would come up with anything. Either you have an affected site on your server or an abusive user. If it was from any of the websites you were hosting the logs would be in /var/log/httpd, but if you are not familiar with what you are looking for your best bet would be to hire an administration company that can go through your server and help you determine what caused the problem.

nobaloney · Aug 2, 2012

maiijarb said:
How to check which point is cause of problem

Certainly before you do anything else block all outbound traffic to his IP#; that's just being a good neighbor.

Jeff

How to do if my server brute force attack to another server

maiijarb

Verified User

scsi

Verified User

nobaloney

NoBaloney Internet Svcs - In Memoriam †