460 Attacks from 127.0.0.1

Support for security such as Firewalls and securing linux
hafied1
Posts: 11
Joined: 2015/11/22 15:35:46

460 Attacks from 127.0.0.1

Postby hafied1 » 2015/11/22 15:39:40

Hello,

Please how can I ban attacks from 127.0.0.1 :

76 68.180.230.41
9 105.108.88.176
10 196.46.249.218
15 109.239.235.247
16 105.102.88.44
18 105.101.27.145
8 2400
460 127.0.0.1

Thank you

Whoever
Posts: 964
Joined: 2013/09/06 03:12:10

Re: 460 Attacks from 127.0.0.1

Postby Whoever » 2015/11/22 17:41:45

hafied1 wrote:Hello,

Please how can I ban attacks from 127.0.0.1 :

76 68.180.230.41
9 105.108.88.176
10 196.46.249.218
15 109.239.235.247
16 105.102.88.44
18 105.101.27.145
8 2400
460 127.0.0.1

Thank you


If you really are being attacked from 127.0.0.1, then it is too late -- your machine is already compromised. 127.0.0.1 is the "loopback" interface: your own machine.

Why do you think that you are being attacked from 127.0.0.1? Perhaps you are mis-reading some logs?

hafied1
Posts: 11
Joined: 2015/11/22 15:35:46

Re: 460 Attacks from 127.0.0.1

Postby hafied1 » 2015/11/22 20:11:08

When I use this command :

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

11 109.239.235.247
18 105.102.88.44
19 105.101.27.145
9 2400
331 127.0.0.1

User avatar
avij
Forum Moderator
Posts: 2179
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: 460 Attacks from 127.0.0.1

Postby avij » 2015/11/22 20:33:23

Those are open connections, not attacks.

hafied1
Posts: 11
Joined: 2015/11/22 15:35:46

Re: 460 Attacks from 127.0.0.1

Postby hafied1 » 2015/11/22 20:34:46

avij wrote:Those are open connections, not attacks.

Comment les bloquer car des fois j'ai plus de 600 connections ce qui bloque le serveur

User avatar
jyoung
Posts: 102
Joined: 2014/09/22 13:40:31
Location: Nashville, TN, USA

Re: 460 Attacks from 127.0.0.1

Postby jyoung » 2015/11/22 20:50:35

How about the output of this?

Code: Select all

sudo netstat -tupn | grep 127.0.0.1 | gawk '{print $NF}' | uniq -c
-- Jeremy --

hafied1
Posts: 11
Joined: 2015/11/22 15:35:46

Re: 460 Attacks from 127.0.0.1

Postby hafied1 » 2015/11/22 21:09:43

1 23841/php-fpm
1 -
1 23828/php-fpm
1 3089/memcached
1 -
1 23826/php-fpm
1 -
1 23850/php-fpm
1 -
1 23839/php-fpm
1 23829/php-fpm
2 -
1 3089/memcached
2 -
1 23840/php-fpm
4 3089/memcached
1 23838/php-fpm
5 -
1 23834/php-fpm
1 23836/php-fpm
1 -
1 3089/memcached
1 -
3 3089/memcached
1 -
1 3916/varnishd
1 3089/memcached
2 -
1 23835/php-fpm
1 -
1 3089/memcached
1 3916/varnishd
1 17920/nginx
2 -
1 23843/php-fpm
1 -
1 3089/memcached
1 23842/php-fpm
1 -
3 3089/memcached
1 -
1 3089/memcached
2 -
1 17922/nginx
1 3916/varnishd
1 23833/php-fpm
1 3089/memcached
1 -
1 3916/varnishd
1 -
1 23847/php-fpm
1 3089/memcached
1 23830/php-fpm
1 17922/nginx
2 -
1 3089/memcached
1 -
1 23837/php-fpm
4 -
1 17922/nginx
1 -
1 3089/memcached
1 -
1 23832/php-fpm
1 -
1 23849/php-fpm
1 3089/memcached
3 -
2 3916/varnishd
1 17920/nginx
1 -
1 3089/memcached
1 23845/php-fpm
2 3916/varnishd
1 -
1 23844/php-fpm
1 3089/memcached
1 -
1 23827/php-fpm
1 23831/php-fpm
1 17920/nginx
4 -
1 3089/memcached
1 -
1 17922/nginx
1 -
1 23848/php-fpm
2 -
1 23846/php-fpm
1 -

User avatar
jyoung
Posts: 102
Joined: 2014/09/22 13:40:31
Location: Nashville, TN, USA

Re: 460 Attacks from 127.0.0.1

Postby jyoung » 2015/11/22 21:15:23

Looks like we're just talking about a busy web server...
-- Jeremy --

hafied1
Posts: 11
Joined: 2015/11/22 15:35:46

Re: 460 Attacks from 127.0.0.1

Postby hafied1 » 2015/11/22 21:21:01

jyoung wrote:Looks like we're just talking about a busy web server...

I have strong dedicated server.

User avatar
jyoung
Posts: 102
Joined: 2014/09/22 13:40:31
Location: Nashville, TN, USA

Re: 460 Attacks from 127.0.0.1

Postby jyoung » 2015/11/22 21:31:24

That's not my point. You're running nginx, php-fpm and memcached on your dedicated server. With the information that you've provided, the number of connections to your loopback address doesn't seem abnormal.
-- Jeremy --