From owner-freebsd-questions@FreeBSD.ORG Sat Feb 25 20:45:55 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F63916A420 for ; Sat, 25 Feb 2006 20:45:55 +0000 (GMT) (envelope-from fbsd_user@a1poweruser.com) Received: from mta10.adelphia.net (mta10.adelphia.net [68.168.78.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id F107843D45 for ; Sat, 25 Feb 2006 20:45:54 +0000 (GMT) (envelope-from fbsd_user@a1poweruser.com) Received: from barbish ([69.172.31.117]) by mta10.adelphia.net (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with SMTP id <20060225204553.VDNU13051.mta10.adelphia.net@barbish>; Sat, 25 Feb 2006 15:45:53 -0500 From: "fbsd_user" To: "The Happy" , Date: Sat, 25 Feb 2006 15:45:49 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478 Importance: Normal Cc: Subject: RE: Is it hack? How to prevent! X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: fbsd_user@a1poweruser.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Feb 2006 20:45:55 -0000 What this means is you have no firewall blocking the port numbers those services use. Or you really do have mysql, and SSH installed and people are trying to remotely login and your box is doing its job of denying the unauthorized login attempt. But my money is on the firewall. You have none or it's rules are not correct. Read the firewall section of the FreeBSD handbook and use the ipfilter example rule set. As an after though, 4.8 is an unsupported system and 6.0 is the current production version. Time to upgrade by installing from scratch 6.0. Give the Install Guide at www.a1poweruser.com a look. -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of The Happy Sent: Saturday, February 25, 2006 10:46 AM To: freebsd-questions@freebsd.org Subject: Is it hack? How to prevent! Hello everyone, I'm on freebsd 4.8R acting as a webserver and email server, I keep getting In my /var/log/messages a strange 3 type of messages, 1) mysqld[8541]: error: /etc/hosts.allow, line 212: twist option in resident process last message repeated 73 times 2) inetd[50977]: warning: /etc/hosts.allow, line 25: host name/address mismatch: 208.34.235.251 != mail.nrms.org 3) sshd[40712]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(na-163- 219.na.avantel.net.mx, AF_INET) failed (I keep getting differnt host everytime) about messages 2 and 3 i think its some hacks attempts How i can preven this type of access? unmatched IPs? what about messages number 1? what doest mean is it hack attempt? My logs are full of these messages, please help Note line 25 in /etc/hosts.allow is ALL : .temma.net : deny and has nothing to do with these logs its just the first rule in the file. Thank you in advance. Marwan _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"