oraldlight
February 26th, 2009, 03:37 AM
I decided to troll some log files the other day, and noticed on/about 1/25/2009 my web server is suddenly going bananas trying to contact a certain IP that I can not figure out.
Of course the usual "check the logs more often" applies, so save me from the abuse, please....
So looking to my server I have no clue what is alleged to be "phoning home" on all these ports: (a partial listing of the Banish logs)
18:58:45 * forward eth0 TCP 10.0.0.124 49992 ::::: 87.106.95.153 80(HTTP)
18:58:21 * forward eth0 TCP 10.0.0.124 49992 ::::: 87.106.95.153 80(HTTP)
18:58:09 * forward eth0 TCP 10.0.0.124 49992 ::::: 87.106.95.153 80(HTTP)
18:58:03 * forward eth0 TCP 10.0.0.124 49992 ::::: 87.106.95.153 80(HTTP)
18:58:00 * forward eth0 TCP 10.0.0.124 49992 ::::: 87.106.95.153 80(HTTP)
18:53:39 * forward eth0 TCP 10.0.0.124 33852 ::::: 87.106.95.153 80(HTTP)
18:53:15 * forward eth0 TCP 10.0.0.124 33852 ::::: 87.106.95.153 80(HTTP)
18:53:03 * forward eth0 TCP 10.0.0.124 33852 ::::: 87.106.95.153 80(HTTP)
Any ideas on how to discern what is the root of this sending?
[10.0.0.124 is my server. 87.106.95.153 is in Germany and unfamiliar to me.]