In the last couple weeks I have been seeing similar entries in my nightly security run output.
The top two are yahoo and the bottom two are Mozilla's sites. These seem to be very random as previous entries showed attempted connections to an old work place of mine.
None of these attempts are initiated by me, and I am the only one who has access to this server. I also run sshd on a non-standard port (not 22). The server is updated/patched on a weekly basis, and is running v8.0 release. Nothing special, just apache hosting a single wordpress instance.
Does this mean I have some sort of rootkit or have been hacked? I am not seeing anything in my auth.log, messages or any other log that would indicate such, but of course any hacker would cover their tracks. Has anyone seen this before? What's the resolution?
Any help would be appreciated.
-D
Code:
Nov 16 16:55:49 alpha sshd[21633]: error: connect_to 67.195.132.238 port 80: failed.
Nov 16 16:55:49 alpha sshd[21633]: error: connect_to 67.195.132.238 port 80: failed.
Nov 16 17:03:00 alpha sshd[21633]: error: connect_to 63.245.213.91 port 443: failed.
Nov 16 17:03:30 alpha sshd[21633]: error: connect_to 63.245.213.91 port 443: failed.The top two are yahoo and the bottom two are Mozilla's sites. These seem to be very random as previous entries showed attempted connections to an old work place of mine.
None of these attempts are initiated by me, and I am the only one who has access to this server. I also run sshd on a non-standard port (not 22). The server is updated/patched on a weekly basis, and is running v8.0 release. Nothing special, just apache hosting a single wordpress instance.
Does this mean I have some sort of rootkit or have been hacked? I am not seeing anything in my auth.log, messages or any other log that would indicate such, but of course any hacker would cover their tracks. Has anyone seen this before? What's the resolution?
Any help would be appreciated.
-D
