Someone try hack my nethserver?

I write here because I need your help. For some time I appear in the logs (logwatch summary) odd entries that trouble me. It looks like:

Today:
Attempts to use known hacks by 1 hosts were logged 1 time(s) from:
169.229.3.91: 1 Time(s)
A total of 1 sites probed the server
169.229.3.91

yesterday:
Attempts to use known hacks by 1 hosts were logged 1 time(s) from:
61.216.2.15: 1 Time(s)
A total of 1 sites probed the server
61.216.2.15

Its strange for me.
Should I be concerned?
How to block something like that?
Please some help.

Look for those two ip addresses in the logs (you can use the Find in log files search box in the log viewer).
I bet you’ll find a “strange” request in the httpd access.log.
Nothing to worry about. However, fail2ban could probably block more attempts from the same ip (not your case, you received only one probe).

1 Like

Okay thanks for answer… but i want anyway to block permanently thats ip address. Its a possible ?

try with:


and add that ip to the script…

or add it to /etc/shorewall/blacklist :slight_smile:

2 Likes

Thanks for answer :slight_smile: but …
Can it be easier to do? You can not add lock with gui? or install package form software center?

NethServer 7beta1 supports blocking access to services running on the system through the Firewall rules page.

Okey, i will w8 for 7 stable :slight_smile:

@Adam_S, is this a production server? If it is so, I recommend taking a look deeper at the logs…and perhaps also to what @jackyes recommends. It might be more or get more serious. Take a look at it, apply as deemed necessary then upgrade once it has been made stable.

1 Like

In a production server I recommend you to use at least the Firehol level 1 and 2 blocklist.
In that way you have a basic protection from the most active attacker, botnet, ransomware, malaware, etc…