[BlueOnyx:21959] Re: BO5209 - increased outbound UDP traffic
John
jsikes at sikesland.com
Sat Apr 21 10:50:22 -05 2018
Ken,
Thanks for the response Ken. I have a lot of the traffic on port 111, but also other random ports.
This server does have a suspended Joomla 3x site. I am looking into that now, but the other 2 servers didn't have any Drupal, Joomla or WordPress sites. No active sites at all and they are also compromised. So I am thinking it is not a site but the base OS.
-------- Original message --------
From: Ken Hohhof <khohhof at kwom.com>
Date: 4/21/18 10:00 AM (GMT-06:00)
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:21958] Re: BO5209 - increased outbound UDP traffic
Hello all,
On Tuesday night I began to see an increase in UDP traffic on 3 5209 boxes. I shut down 2 of the 3 as they were development boxes, but one has a live site. All 3 were producing about 600k outbound traffic continuously. Normal outbound traffic averages about 30k.
I checked my log files and didn't find anything too far out of norms. I did a TCPDump and saw hundreds of records of UDP to different ports.
I have been searching for the last few days for a solution, but wanted to check here before I did something foolish as I have done so many times in the past.
So any recommendations would be greatly appreciated.
Thanks,
John