Today I got an email notification from CSF saying that someone is trying to port scan my webserver.
Time:    Sat Feb 19 08:11:00 2011 +0700
IP:      59.53.50.139 (CN/China/-)
Hits:    11
Blocked: Temporary Block
Sample of block hits:
Feb 19 08:10:30 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=59.53.50.139 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 19 08:10:32 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=59.53.50.139 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 19 08:10:37 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=59.53.50.139 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=256 DF PROTO=TCP SPT=12200 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
If you are searching for this IP in a search engine, please add the following IP to your Deny / Blocked lists:
59.53.50.13
or
59.53.0.0/16
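
To check your own logs for the same pattern, here is an added example (not part of the original post and not CSF's own code) that parses kernel firewall lines in the format shown above and reports sources with repeated blocked hits inside a time window. The `limit` and `interval` thresholds, the `year` default and the 192.0.2.7 control line are assumptions made for the example, not CSF settings.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The three log lines from the alert above, plus one constructed control line
# from 192.0.2.7 (documentation address) that should not be flagged.
SAMPLE = """\
Feb 19 08:10:30 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=59.53.50.139 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 19 08:10:32 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=59.53.50.139 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 19 08:10:37 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=59.53.50.139 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=256 DF PROTO=TCP SPT=12200 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 19 08:10:40 server kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=192.0.2.7 DST=xxx.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40100 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?\*\w+ Blocked\*"
    r".*?\bSRC=(?P<src>\S+).*?\bDPT=(?P<dpt>\d+)"
)

def parse(line, year=2011):
    """Return (timestamp, source IP, destination port) or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies it (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])

def find_scanners(lines, limit=3, interval=60):
    """Map each source with >= limit blocked packets inside any
    interval-second window to (hits, sorted distinct ports probed)."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        events[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= interval seconds.
            while evs[end][0] - evs[start][0] > timedelta(seconds=interval):
                start += 1
            hits = end - start + 1
            if hits >= limit and hits > flagged.get(src, (0,))[0]:
                flagged[src] = (hits, sorted({p for _, p in evs[start:end + 1]}))
    return flagged

if __name__ == "__main__":
    for src, (hits, ports) in find_scanners(SAMPLE.splitlines()).items():
        print(f"{src}: {hits} blocked hits, ports {ports}")
```
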