Server hacked on known port Post: 303029986

Sponsored Content

Special Forums Cybersecurity Server hacked on known port Post 303029986 by Neo on Monday 4th of February 2019 07:04:49 AM

02-04-2019

Administrator

Guys,

iptables -L lists all the rules used by iptables.

When it returns:

Code:

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

This means there are NO RULEs loaded, there are no ports being blocked. Nada. There is no filtering going on.

Nothing.

The server is wide open, based on the iptables -L output provided (from an iptables perspective).

The original poster wanted to know how a port was accessed because they thought they had iptable() working on their server.

iptables -L shows, definitively, what rules are being used, and it is case there are NO RULES.

This means, from an iptables perspective, the server is wide open.

That is why an intruder was able to gain access (not discussing, of course, any other issues on the server).

The OP apparently has written a bunch of rules, but does not understand how to enable or manage iptables().

Cheers.

Neo

View Public Profile for Neo

Visit Neo's homepage!

Find all posts by Neo

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

which port to write my server application?

I want to write a server application that would accept HTTP requests from client. The server would be on a machine that has no connection to the INTERNET. The clients that would be posting their HTTP requests would be doing so through webbrowser .Thus it would be sort of intranet application....

2. Linux

pc hacked

Hi, i think someone has hacked my server, the following rules used to come which i haven't put. Please help me i couldnt find out how this rules are apply, i think someone has put an script which generates enables the rules. But after restarting the iptables everything seems to be working...

3. UNIX for Dummies Questions & Answers

Old ATT Server Port Question

Just got old ATT server (10 base T)shipped and want to connect to Windows using com port. Got hardware to connect RJ45 from windows box & serial on ATT. I added XP static ip to host file but get no ping return. Do I have to open unix com port? How?

4. UNIX for Advanced & Expert Users

ssh port forward over three server

Hello there, I have a big problem, and I hope somebody can help me. I try to realize a port forward over three server. Here is a picture... Client Server1 | Server2 ------- ------- | ------- |...... | |...... | | |...... ...

5. Cybersecurity

How to know when you've been hacked

One of the most important ways to keep tou machine secure is to know when it has been broken into. The less time hackers have on your system, the less they can do to it, and the greater you chancens of kicking them off and repairing the damage. The more sophisticated the hacker, the less likely...

6. UNIX for Dummies Questions & Answers

Plesk Server Hacked - How to Backup

Hello! First of all: I am a newbie. :o :( I have a CentOS 64bit server with Plesk Panel 8.6. And have been hacked. :mad: After many tries and support tickets, I am configuring a new server, with Suse 11 and Plesk 9.2. I know that Plesk 8.6 have a backup utility (Parallels Plesk Control...

7. Cybersecurity

Different ssh fingerprints on server vs the one on port 22

Hi Guys, My certificate in /etc/ssh is different to what is on port 22. username@server:~$ ssh-keyscan -p 22 127.0.0.1 > /tmp/rsa.tmp # 127.0.0.1 SSH-1.99-OpenSSH_33.33 username@server:~$ ssh-keygen -lf /tmp/rsa.tmp 1024 46:something..................... 127.0.0.1...

8. Solaris

How to find port number wwn of particular port on dual port HBA,?

please find the below o/p for your reference bash-3.00# fcinfo hba-port HBA Port WWN: 21000024ff295a34 OS Device Name: /dev/cfg/c2 Manufacturer: QLogic Corp. Model: 375-3356-02 Firmware Version: 05.03.02 FCode/BIOS Version: BIOS: 2.02; fcode: 2.01;...

LEARN ABOUT DEBIAN

gearman::server

Gearman::Server(3pm)					User Contributed Perl Documentation				      Gearman::Server(3pm)

NAME

       Gearman::Server - function call "router" and load balancer

DESCRIPTION

       You run a Gearman server (or more likely, many of them for both high-availability and load balancing), then have workers (using
       Gearman::Worker from the Gearman module, or libraries for other languages) register their ability to do certain functions to all of them,
       and then clients (using Gearman::Client, Gearman::Client::Async, etc) request work to be done from one of the Gearman servers.

       The servers connect them, routing function call requests to the appropriate workers, multiplexing responses to duplicate requests as
       requested, etc.

       More than likely, you want to use the provided gearmand wrapper script, and not use Gearman::Server directly.

METHODS

   new
	 $server_object = Gearman::Server->new( %options )

       Creates and returns a new Gearman::Server object, which attaches itself to the Danga::Socket event loop. The server will begin operating
       when the Danga::Socket runloop is started. This means you need to start up the runloop before anything will happen.

       Options:

       port
	   Specify a port which you would like the Gearman::Server to listen on for TCP connections (not necessary, but useful)

   create_listening_sock
	 $server_object->create_listening_sock( $portnum )

       Add a TCP port listener for incoming Gearman worker and client connections.

   start_worker
	 $pid = $server_object->start_worker( $prog )

	 ($pid, $client) = $server_object->start_worker( $prog )

       Fork and start a worker process named by $prog and returns the pid (or pid and client object).

SEE ALSO

       gearmand

perl v5.10.1							    2010-01-18						      Gearman::Server(3pm)