My Ubuntu server had recently problems with a bruteforce attack.
So I installed
fail2ban and I think the problem is gone.
But when I check iftop I see a Chinese IP permanently connecting.
iftop
12.5Kb 25.0Kb 37.5Kb 50.0Kb 62.5Kb
mqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqq
Ubuntu-1510-wily-64-minim => 218.201.37.134 4.22Kb 4.12Kb 4.13Kb
194.97.114.3:2010
ts3server 898 root 39u IPv4 17862 0t0 UDP *:9987
ts3server 898 root 40u IPv6 17863 0t0 UDP *:9987
ts3server 898 root 45u IPv4 17867 0t0 TCP *:10011 (LISTEN)
ts3server 898 root 46u IPv6 17868 0t0 TCP *:10011 (LISTEN)
java 1050 root 46u IPv6 20495 0t0 TCP *:25565 (LISTEN)
sshd 1220 root 3u IPv4 21663 0t0 TCP *:1022 (LISTEN)
sshd 1220 root 4u IPv6 21665 0t0 TCP *:1022 (LISTEN)
sshd 4347 root 3u IPv4 55148 0t0 TCP myip:ssh->mysship:50031 (ESTABLISHED)
There are no logins (checked via last) that are not from me.
Asked by user207680
(21 rep)
Dec 29, 2016, 05:56 AM
Last activity: Dec 29, 2016, 03:13 PM
Last activity: Dec 29, 2016, 03:13 PM