We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
/var/log/vesta/system.log FILLED with firewall commands...
-
- Posts: 25
- Joined: Wed Sep 09, 2015 7:19 pm
/var/log/vesta/system.log FILLED with firewall commands...
Here's a snippet from the beginning of my vesta system.log:
Look at the frequency of these logs. Now extrapolate that to today.
Is my server being attacked?
I've checked older logs going back to 2016, there are loads of these add/delete-firewall-bans, but the frequency since January this year is close to 10x more than previous years.
This isn't right, surely...
Someone please explain what is going on and recommend course of action if necessary.
Code: Select all
2020-01-01 06:57:17 v-delete-firewall-ban '49.88.112.77' 'SSH'
2020-01-01 06:57:33 v-delete-firewall-ban '112.85.42.174' 'SSH'
2020-01-01 07:02:19 v-add-firewall-chain 'SSH'
2020-01-01 07:02:19 v-add-firewall-ban '222.186.42.4' 'SSH'
2020-01-01 07:04:03 v-add-firewall-chain 'SSH'
2020-01-01 07:04:03 v-add-firewall-ban '49.88.112.77' 'SSH'
2020-01-01 07:12:19 v-delete-firewall-ban '222.186.42.4' 'SSH'
2020-01-01 07:14:04 v-delete-firewall-ban '49.88.112.77' 'SSH'
2020-01-01 07:17:51 v-add-firewall-chain 'SSH'
2020-01-01 07:17:51 v-add-firewall-ban '222.186.175.150' 'SSH'
2020-01-01 07:18:50 v-add-firewall-chain 'SSH'
2020-01-01 07:18:50 v-add-firewall-ban '49.88.112.77' 'SSH'
2020-01-01 07:27:51 v-delete-firewall-ban '222.186.175.150' 'SSH'
2020-01-01 07:28:35 v-add-firewall-chain 'SSH'
2020-01-01 07:28:35 v-add-firewall-ban '94.21.243.204' 'SSH'
2020-01-01 07:28:51 v-delete-firewall-ban '49.88.112.77' 'SSH'
2020-01-01 07:33:06 v-add-firewall-chain 'SSH'
2020-01-01 07:33:06 v-add-firewall-ban '222.186.169.194' 'SSH'
2020-01-01 07:38:35 v-delete-firewall-ban '94.21.243.204' 'SSH'
2020-01-01 07:40:09 v-add-firewall-chain 'SSH'
2020-01-01 07:40:09 v-add-firewall-ban '222.186.175.140' 'SSH'
2020-01-01 07:43:07 v-delete-firewall-ban '222.186.169.194' 'SSH'
2020-01-01 07:48:10 v-add-firewall-chain 'SSH'
2020-01-01 07:48:10 v-add-firewall-ban '222.186.180.17' 'SSH'
2020-01-01 07:50:10 v-delete-firewall-ban '222.186.175.140' 'SSH'
2020-01-01 07:51:19 v-add-firewall-chain 'SSH'
2020-01-01 07:51:19 v-add-firewall-ban '218.92.0.172' 'SSH'
2020-01-01 07:51:26 v-add-firewall-chain 'SSH'
2020-01-01 07:51:26 v-add-firewall-ban '94.21.243.204' 'SSH'
Is my server being attacked?
I've checked older logs going back to 2016, there are loads of these add/delete-firewall-bans, but the frequency since January this year is close to 10x more than previous years.
This isn't right, surely...
Someone please explain what is going on and recommend course of action if necessary.
-
- Posts: 25
- Joined: Wed Sep 09, 2015 7:19 pm
Re: /var/log/vesta/system.log FILLED with firewall commands...
*bump*
This is still an issue. Can someone please explain why this is happening?
My system.log continues to log thousands of these firewall commands every day.
This is still an issue. Can someone please explain why this is happening?
My system.log continues to log thousands of these firewall commands every day.