lfd on admin.mydomain.com: UID 1021 (mydomainusername) Tracking Hit

Post by elsevero »

Starting a couple of months ago, I've started to receive the following messages in my e-mail:

Time:    Tue Nov 19 21:59:19 2019 +0200
UID:     1021 (mydomainusername)
Hits:    11

Sample of port hits:
Nov 19 21:54:02 admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=11.110.0.20 DST=41.216.186.161 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=22413 DF PROTO=TCP SPT=60868 DPT=44540 WINDOW=28400 RES=0x00 SYN URGP=0 UID=1021 GID=1024 
Nov 19 21:54:03 admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=11.110.0.20 DST=41.216.186.161 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=22414 DF PROTO=TCP SPT=60868 DPT=44540 WINDOW=28400 RES=0x00 SYN URGP=0 UID=1021 GID=1024 
Nov 19 21:58:52 admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=11.110.0.20 DST=41.216.186.161 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=39560 DF PROTO=TCP SPT=60932 DPT=44540 WINDOW=28400 RES=0x00 SYN URGP=0 UID=1021 GID=1024 
Nov 19 21:58:53 admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=11.110.0.20 DST=41.216.186.161 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=39561 DF PROTO=TCP SPT=60932 DPT=44540 WINDOW=28400 RES=0x00 SYN URGP=0 UID=1021 GID=1024 
Nov 19 21:59:14 admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=11.110.0.20 DST=184.94.196.93 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52952 DF PROTO=TCP SPT=53068 DPT=1 WINDOW=28400 RES=0x00 SYN URGP=0 UID=1021 GID=1024 
Nov 19 21:59:14 admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=11.110.0.20 DST=204.10.37.146 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1573 DF PROTO=TCP SPT=47026 DPT=1 WINDOW=28400 RES=0x00 SYN URGP=0 UID=1021 GID=1024 
Nov 19 21:59:14 admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=11.110.0.20 DST=208.109.109.239 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=17054 DF PROTO=TCP SPT=54248 DPT=1 WINDOW=28400 RES=0x00 SYN URGP=0 UID=1021 GID=1024 
Nov 19 21:59:14 admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=11.110.0.20 DST=66.71.244.18 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=28570 DF PROTO=TCP SPT=41330 DPT=1 WINDOW=28400 RES=0x00 SYN URGP=0 UID=1021 GID=1024 
Nov 19 21:59:14 admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=11.110.0.20 DST=196.4.160.79 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=39432 DF PROTO=TCP SPT=36900 DPT=1 WINDOW=28400 RES=0x00 SYN URGP=0 UID=1021 GID=1024 
Nov 19 21:59:16 admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=11.110.0.20 DST=212.83.32.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=17422 DF PROTO=TCP SPT=41968 DPT=1 WINDOW=28400 RES=0x00 SYN URGP=0 UID=1021 GID=1024 
Nov 19 21:59:18 admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=11.110.0.20 DST=190.210.244.117 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=22318 DF PROTO=TCP SPT=56566 DPT=1 WINDOW=28400 RES=0x00 SYN URGP=0 UID=1021 GID=1024

Does anyone know what the nature of these logs is?

Not sure; I have a scenario which is like the following:

On this account I had installed WordPress, and a website was deployed with admin as username and admin as password (by mistake); since then, I suspect that I'm only getting the following e-mails.

Will recreate the cPanel account and see if the logs keep coming. Hope not.

Regards.
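
One way to triage a tracking-hit e-mail like the one above, as an added example that is not part of the original post: it groups blocked outbound lines by UID, collapses SYN retransmits (same source port, destination and port) into one attempt, and lists ports on which a single UID tried several distinct hosts. The sample lines are constructed with documentation addresses, and the names `summarize` and `fan_out` are made up for this sketch.

```python
import re
from collections import defaultdict

KV = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs of the kernel log line

# Constructed sample in the format of the e-mail (not the poster's data).
_T = ("Nov 19 {t} admin kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 "
      "SRC=192.0.2.20 DST={dst} LEN=60 TTL=64 DF PROTO=TCP SPT={spt} "
      "DPT={dpt} SYN URGP=0 UID=1021 GID=1024")
SAMPLE = "\n".join(_T.format(t=t, dst=d, spt=s, dpt=p) for t, d, s, p in [
    ("21:54:02", "198.51.100.7", 60868, 44540),
    ("21:54:03", "198.51.100.7", 60868, 44540),  # retransmit of the SYN above
    ("21:59:14", "203.0.113.10", 53068, 1),
    ("21:59:14", "203.0.113.11", 47026, 1),
    ("21:59:16", "203.0.113.12", 41968, 1),
])

def summarize(log_text):
    """Per UID: raw hits, distinct connection attempts, hosts per dest port."""
    acc = defaultdict(lambda: {"hits": 0, "attempts": set(),
                               "ports": defaultdict(set)})
    for line in log_text.splitlines():
        if "_OUT Blocked*" not in line:
            continue  # only outbound blocks carry the owning UID
        f = dict(KV.findall(line))
        if not {"UID", "PROTO", "SPT", "DST", "DPT"} <= f.keys():
            continue
        u = acc[f["UID"]]
        u["hits"] += 1
        # A retransmitted SYN reuses source port, destination and dest port.
        u["attempts"].add((f["PROTO"], f["SPT"], f["DST"], f["DPT"]))
        u["ports"][int(f["DPT"])].add(f["DST"])
    return {uid: {"hits": u["hits"], "attempts": len(u["attempts"]),
                  "ports": {p: sorted(h) for p, h in u["ports"].items()}}
            for uid, u in acc.items()}

def fan_out(summary, min_hosts=3):
    """(uid, port, host count) where one UID tried >= min_hosts hosts."""
    return [(uid, port, len(hosts))
            for uid, s in summary.items()
            for port, hosts in s["ports"].items() if len(hosts) >= min_hosts]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for uid, s in report.items():
        print(f"UID {uid}: {s['hits']} hits, {s['attempts']} attempts")
    for uid, port, n in fan_out(report):
        print(f"UID {uid} tried {n} distinct hosts on port {port}")
```
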