/var/log/vesta/system.log FILLED with firewall commands...

Posted: Tue Mar 17, 2020 2:46 pm
by hedgehog90
Here's a snippet from the beginning of my vesta system.log:

2020-01-01 06:57:17 v-delete-firewall-ban  '49.88.112.77' 'SSH'
2020-01-01 06:57:33 v-delete-firewall-ban  '112.85.42.174' 'SSH'
2020-01-01 07:02:19 v-add-firewall-chain  'SSH'
2020-01-01 07:02:19 v-add-firewall-ban  '222.186.42.4' 'SSH'
2020-01-01 07:04:03 v-add-firewall-chain  'SSH'
2020-01-01 07:04:03 v-add-firewall-ban  '49.88.112.77' 'SSH'
2020-01-01 07:12:19 v-delete-firewall-ban  '222.186.42.4' 'SSH'
2020-01-01 07:14:04 v-delete-firewall-ban  '49.88.112.77' 'SSH'
2020-01-01 07:17:51 v-add-firewall-chain  'SSH'
2020-01-01 07:17:51 v-add-firewall-ban  '222.186.175.150' 'SSH'
2020-01-01 07:18:50 v-add-firewall-chain  'SSH'
2020-01-01 07:18:50 v-add-firewall-ban  '49.88.112.77' 'SSH'
2020-01-01 07:27:51 v-delete-firewall-ban  '222.186.175.150' 'SSH'
2020-01-01 07:28:35 v-add-firewall-chain  'SSH'
2020-01-01 07:28:35 v-add-firewall-ban  '94.21.243.204' 'SSH'
2020-01-01 07:28:51 v-delete-firewall-ban  '49.88.112.77' 'SSH'
2020-01-01 07:33:06 v-add-firewall-chain  'SSH'
2020-01-01 07:33:06 v-add-firewall-ban  '222.186.169.194' 'SSH'
2020-01-01 07:38:35 v-delete-firewall-ban  '94.21.243.204' 'SSH'
2020-01-01 07:40:09 v-add-firewall-chain  'SSH'
2020-01-01 07:40:09 v-add-firewall-ban  '222.186.175.140' 'SSH'
2020-01-01 07:43:07 v-delete-firewall-ban  '222.186.169.194' 'SSH'
2020-01-01 07:48:10 v-add-firewall-chain  'SSH'
2020-01-01 07:48:10 v-add-firewall-ban  '222.186.180.17' 'SSH'
2020-01-01 07:50:10 v-delete-firewall-ban  '222.186.175.140' 'SSH'
2020-01-01 07:51:19 v-add-firewall-chain  'SSH'
2020-01-01 07:51:19 v-add-firewall-ban  '218.92.0.172' 'SSH'
2020-01-01 07:51:26 v-add-firewall-chain  'SSH'
2020-01-01 07:51:26 v-add-firewall-ban  '94.21.243.204' 'SSH'
Look at the frequency of these logs. Now extrapolate that to today.
Is my server being attacked?

I've checked older logs going back to 2016; there are loads of these add/delete-firewall-bans, but the frequency since January this year is close to 10x more than previous years.
This isn't right, surely...
Someone please explain what is going on and recommend a course of action if necessary.
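
One way to put numbers on the frequency described in the post above, as an added example that is not part of the original thread or of Vesta: it parses lines in the format quoted from /var/log/vesta/system.log, counts bans per day and per address, and pairs each add with its delete to measure how long bans last. The function name and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same format as the log lines quoted in the post.
SAMPLE_LOG = """\
2020-01-01 07:02:19 v-add-firewall-chain  'SSH'
2020-01-01 07:02:19 v-add-firewall-ban  '192.0.2.10' 'SSH'
2020-01-01 07:04:03 v-add-firewall-ban  '198.51.100.7' 'SSH'
2020-01-01 07:12:19 v-delete-firewall-ban  '192.0.2.10' 'SSH'
2020-01-01 07:14:04 v-delete-firewall-ban  '198.51.100.7' 'SSH'
2020-01-01 07:18:50 v-add-firewall-ban  '198.51.100.7' 'SSH'
2020-01-02 00:01:00 v-add-firewall-ban  '192.0.2.10' 'SSH'
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"v-(add|delete)-firewall-ban\s+'([^']+)'\s+'([^']+)'"
)

def summarize_bans(lines):
    """Return (bans per (day, chain), bans per IP, ban durations in seconds)."""
    per_day, per_ip = Counter(), Counter()
    open_bans, durations = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # v-add-firewall-chain and any other command lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        action, ip, chain = m.group(2), m.group(3), m.group(4)
        if action == "add":
            per_day[(ts.date().isoformat(), chain)] += 1
            per_ip[ip] += 1
            open_bans[(ip, chain)] = ts
        elif (ip, chain) in open_bans:
            # A delete closes the most recent add for the same IP and chain.
            start = open_bans.pop((ip, chain))
            durations.append((ts - start).total_seconds())
    return per_day, per_ip, durations

if __name__ == "__main__":
    per_day, per_ip, durations = summarize_bans(SAMPLE_LOG.splitlines())
    for (day, chain), n in sorted(per_day.items()):
        print(f"{day} {chain}: {n} bans")
    print("banned more than once:", [ip for ip, n in per_ip.items() if n > 1])
    if durations:
        print(f"median ban length: {sorted(durations)[len(durations) // 2]:.0f}s")
```

To run it over the real file, replace `SAMPLE_LOG.splitlines()` with an open handle on the log; comparing the per-day counts across years shows whether the rate has actually grown.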

Re: /var/log/vesta/system.log FILLED with firewall commands...

Posted: Wed Jul 01, 2020 1:14 pm
by hedgehog90
*bump*

This is still an issue. Can someone please explain why this is happening?
My system.log continues to log thousands of these firewall commands every day.