How to deny outgoing connections with iptables?
Malicious activity is coming from my server.
I can't catch the process because it starts at random times, mostly at night, and then the hosting provider turns off the server.
I want to block outgoing connections but keep the site working. I use NGINX+PHP-FPM+MySQL. Is it possible? What rule should I write for iptables?
Here is the outgoing activity log:
Jan 11 01:18:31 shared03 sshd[17228]: Invalid user ts3 from 185.178.46.241
Jan 11 01:18:31 shared03 sshd[17228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241
Jan 11 01:18:33 shared03 sshd[17228]: Failed password for invalid user ts3 from 185.178.46.241 port 44084 ssh2
Jan 11 01:18:33 shared03 sshd[17228]: Received disconnect from 185.178.46.241 port 44084:11: Bye Bye [preauth]
Jan 11 01:18:33 shared03 sshd[17228]: Disconnected from 185.178.46.241 port 44084 [preauth]
Jan 11 01:34:34 shared03 sshd[20438]: Invalid user support from 185.178.46.241
Jan 11 01:34:34 shared03 sshd[20438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241
Jan 11 01:34:36 shared03 sshd[20438]: Failed password for invalid user support from 185.178.46.241 port 50100 ssh2
Jan 11 01:34:36 shared03 sshd[20438]: Received disconnect from 185.178.46.241 port 50100:11: Bye Bye [preauth]
Jan 11 01:34:36 shared03 sshd[20438]: Disconnected from 185.178.46.241 port 50100 [preauth]
Jan 13 19:37:41 shared03 sshd[25092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241 user=bin
Jan 13 19:37:44 shared03 sshd[25092]: Failed password for bin from 185.178.46.241 port 53658 ssh2
Jan 13 19:37:44 shared03 sshd[25092]: Received disconnect from 185.178.46.241 port 53658:11: Bye Bye [preauth]
Jan 13 19:37:44 shared03 sshd[25092]: Disconnected from 185.178.46.241 port 53658 [preauth]
Jan 13 19:42:19 shared03 sshd[26181]: Invalid user zachary from 185.178.46.241
Jan 13 19:42:19 shared03 sshd[26181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241
Jan 13 19:42:21 shared03 sshd[26181]: Failed password for invalid user zachary from 185.178.46.241 port 54196 ssh2
Jan 13 19:42:21 shared03 sshd[26181]: Received disconnect from 185.178.46.241 port 54196:11: Bye Bye [preauth]
Jan 13 19:42:21 shared03 sshd[26181]: Disconnected from 185.178.46.241 port 54196 [preauth]
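One way to set up default-deny egress for the stack named in the question, as an added example that is not part of the original post. It assumes MySQL is reached over loopback or a unix socket and that only root needs outbound HTTP/HTTPS (package updates). The `run` helper and the `APPLY` variable are hypothetical names introduced here. The script prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: default-deny egress for a web server (NGINX + PHP-FPM + MySQL).
# Assumptions: MySQL is local; only root (uid 0) needs outbound HTTP/HTTPS.
# Dry run by default: commands are printed. Set APPLY=1 (as root) to execute.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

egress_rules() {
    # Start from a known state without cutting off the current SSH session.
    run iptables -P OUTPUT ACCEPT
    run iptables -F OUTPUT
    # Local traffic: PHP-FPM <-> NGINX/MySQL over 127.0.0.1.
    run iptables -A OUTPUT -o lo -j ACCEPT
    # Replies on connections that clients opened to us (HTTP, HTTPS, SSH).
    run iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # DNS lookups.
    run iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
    run iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
    # Package updates for root only, so the PHP-FPM user cannot open connections.
    run iptables -A OUTPUT -p tcp -m multiport --dports 80,443 \
        -m owner --uid-owner 0 -j ACCEPT
    # Log what is about to be dropped, with the UID of the sending process.
    run iptables -A OUTPUT -m limit --limit 10/min \
        -j LOG --log-prefix "EGRESS-DROP:" --log-uid
    # Everything else (including new outbound SSH to port 22) is dropped.
    run iptables -P OUTPUT DROP
}

egress_rules
```

The `--log-uid` entries in the kernel log show which account owns the process that tries to connect out, which helps when the process itself is hard to catch. IPv6 is not covered; `ip6tables` needs an equivalent ruleset.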