Port 80?

Tyler Aviss tjaviss-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Jun 25 01:40:04 UTC 2009


I don't want to seem like a jerk, but if it's critical that it be up,
and you can't fix it yourself, then it's probably worth paying
somebody to give you a hand (not volunteering myself, but suggesting
it as an option if this is time-critical).



On Wed, Jun 24, 2009 at 12:49 PM, cameron lord<trieocorp-PkbjNfxxIARBDgjK7y7TUQ at public.gmane.org> wrote:
> Michael, i think you right, but what should i do?
> I need my data server online at all times!
> My isp (rogers) cant block the ip address,
> they say they need it!
> I also cant stop the data flow, the NSD has no controls its just a piece of
> hardware!
> Help?
>
>> From: mlauzon-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
>> Date: Tue, 23 Jun 2009 17:55:16 -0400
>> Subject: Re: [TLUG]: Port 80?
>> To: tlug-lxSQFCZeNF4 at public.gmane.org
>>
>> On Tue, Jun 23, 2009 at 17:41, cameron lord<trieocorp-PkbjNfxxIARBDgjK7y7TUQ at public.gmane.org> wrote:
>> > I already did, it still says apache, i hoked up my winxp laptop (sucks)
>> > to
>> > my swiches listen port, i have an intrusion problem o.O i found that
>> > when i
>> > run Wireshark i see TONNNS of data comming from my networked storage
>> > unit
>> > to, 99.243.63.182(AXCellsecure.trieocorp.e6a2ffi6ad.xxx.xxx.xxx.xxx)
>> > which
>> > is fine, its my isp assinged ip adderss, but when i look at the same
>> > addr
>> > on the computer it was given to , i have no traffic, and the data only
>> > flows
>> > when the the computer at my location is off. Also when i listen on my
>> > Firebox watchgaurd i see no traffic except for pings and dchp ack, and
>> > my
>> > vnc server, someone is bypassing one of the most advanced hardware
>> > firewalls
>> > ever! The data i found comming out of my cable modem is all going to
>> > 125.16.27.50,and then is being served to xxx.xxx.xxx.xxx, whichisnt very
>> > helpfull at all. so far theyve downloaded 2.5 TB of my data and i cant
>> > stop
>> > them, i need to have my server online at all times!
>> >
>> >
>> > cameron lord; Axcellsecure
>> >
>>
>> It appears that you're being hacked by someone in Hyderabad, India:
>>
>> Hostname: 125.16.27.50
>> ISP: Bharti Broadband
>> Organization: PROKARMA SOFTECH PVT LTD
>> Proxy: None detected
>> Type: Cable/DSL
>>
>> Of course, they may be using that ISP's servers to route to your
>> server, so they could be anywhere.
>>
>> --
>> Sincerely,
>>
>> Michael Lauzon
>> --
>> The Toronto Linux Users Group. Meetings: http://gtalug.org/
>> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
>> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
> ________________________________
> Create a cool, new character for your Windows Live™ Messenger. Check it out



-- 
Tyler Aviss
Systems Support
LPIC/LPIC-2
(778) 890-0942
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list