csf firewall blocks ougoing tracking hits from multiple joomla sites to ... Amazon.com server - Joomla! Forum - community, help and support

-

does had problem or knows if it's normal several of joomla websites trying connect ip 34.196.229.25 (as14618 amazon-aes - amazon.com, inc., (registered nov 04, 2005))

"lfd on server.rootshosting.net: uid 52 (asdfasdf) tracking hit
uid: 52 (asdfasdf)
hits: 11
sample of port hits:
may 4 04:21:56 server kernel: [11503.773716] firewall: *tcp_out blocked* in= out=eth0 src=216.246.99.58 dst=34.196.229.25 len=60 tos=0x00 prec=0x00 ttl=64 id=23314 df proto=tcp spt=54812 dpt=80 window=14600 res=0x00 syn urgp=0 uid=52 gid=52"
"

i've blocked ip in question , whole ip range actually, of course since it's outbound, process still running...
actually noticed strange behaviour on server of trying connect strange port, blocked ip.
the tracking hits blocks/warnings started come then. may have been going on long time.
it started 1 account, 2, 3... , it's been 24 hours, affecting 3 accounts out of on 15... it's not accounts. it's not joomla thing, , these sites have little in common. 1 of them basic joomla install, basic stuff used on sites.

have been hacked? or did block joomla update stuff?

have checked if hacked? have ran scan on server see if hacked? if can't find anything, check logs: check apache access logs second first time saw error in modsecurity, , trace ip caused error see did before that.





Comments

Post a Comment

Popular posts from this blog

Falang and too many redirects - Joomla! Forum - community, help and support

-
hello i don't know if i'm posting in right place , i'm apologise have searched solution long time , couldn't find . my problem starts when have install component falang (translation component ). after time decided uninstall , problem starts. go extension tab meny in left column press manage button, list on right found falang component , delete it, when did website not accessible did stupidest thing install falang package file 1 more time , here problem, when trying open website message showing: "website redirected many times. try clearing cookies. err_too_many_redirects" i have cleared cookies didn't help. have used tool "header checker tool" , result "301 moved permanently " please because don't know do. thank you setka Board index Joomla! 3.x - Ask Support Questions Here Extensions for Joomla! 3.x
Read more

Infinite loop detected in JErrorInfinite loop detected in JError - Joomla! Forum - community, help and support

-
after migrating site new server see error below infinite loop detected in jerrorinfinite loop detected in jerror please can me it means there mis-configuration configuration.php file. can refer post - viewtopic.php?t=830509 https://docs.joomla.org/infinite_loop_d ... joomla_1.7 Board index Joomla! 3.x - Ask Support Questions Here General Questions/New to Joomla! 3.x
Read more

logged out from joomla! - Joomla! Forum - community, help and support

-
Image
good morning you! since joomla! version still running on 3.7.5, trying update current version 23.8.1. tried, got white page due incompatibility 1 of extension (page builder pro). decided first upgrade extension, , trying again. tried update, received error message of dublicated tables. went phpmyadmin , deleted these tables manually. same error appeared again, when tried update part. extension. in order rid of extension, tried remove extension via extension manager. hit "remove" button, got logged out. while trying log admin, got message: you not have access administrator section of site. . yes, changed _user table in phpmyadmin, , checked configuration.php, i'm still not able lock admin. however, checked , browsed internet solution, couldn't find hint, excepted, had similar issue , asked post output of "forum assistant". have no idea if narrow problem, @ least gotta try! of appreciated! thank in advance! part i: forum post assistant (v1.3.5) : 2nd november ...
Read more