How to restrict outgoing connections using iptables?

Malicious activity is being carried out from my server.
I can't catch the process, as it runs randomly all the time, mostly at night, and the host disables the server.

I want to block outbound connections, but the site must keep working. I use NGINX+PHP-FPM+MySQL. Is this possible? What rule do I need to add to iptables?

Here is the log of outgoing activity:

Jan 11 01:18:31 shared03 sshd[17228]: Invalid user ts3 from 185.178.46.241
Jan 11 01:18:31 shared03 sshd[17228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241
Jan 11 01:18:33 shared03 sshd[17228]: Failed password for invalid user ts3 from 185.178.46.241 port 44084 ssh2
Jan 11 01:18:33 shared03 sshd[17228]: Received disconnect from 185.178.46.241 port 44084:11: Bye Bye [preauth]
Jan 11 01:18:33 shared03 sshd[17228]: Disconnected from 185.178.46.241 port 44084 [preauth]
Jan 11 01:34:34 shared03 sshd[20438]: Invalid user support from 185.178.46.241
Jan 11 01:34:34 shared03 sshd[20438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241
Jan 11 01:34:36 shared03 sshd[20438]: Failed password for invalid user support from 185.178.46.241 port 50100 ssh2
Jan 11 01:34:36 shared03 sshd[20438]: Received disconnect from 185.178.46.241 port 50100:11: Bye Bye [preauth]
Jan 11 01:34:36 shared03 sshd[20438]: Disconnected from 185.178.46.241 port 50100 [preauth]
Jan 13 19:37:41 shared03 sshd[25092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241 user=bin
Jan 13 19:37:44 shared03 sshd[25092]: Failed password for bin from 185.178.46.241 port 53658 ssh2
Jan 13 19:37:44 shared03 sshd[25092]: Received disconnect from 185.178.46.241 port 53658:11: Bye Bye [preauth]
Jan 13 19:37:44 shared03 sshd[25092]: Disconnected from 185.178.46.241 port 53658 [preauth]
Jan 13 19:42:19 shared03 sshd[26181]: Invalid user zachary from 185.178.46.241
Jan 13 19:42:19 shared03 sshd[26181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241
Jan 13 19:42:21 shared03 sshd[26181]: Failed password for invalid user zachary from 185.178.46.241 port 54196 ssh2
Jan 13 19:42:21 shared03 sshd[26181]: Received disconnect from 185.178.46.241 port 54196:11: Bye Bye [preauth]
Jan 13 19:42:21 shared03 sshd[26181]: Disconnected from 185.178.46.241 port 54196 [preauth]

1 Answer

You need to catch what it is. The brute force is still just childish pranks.
A ban on outbound ssh:
iptables -I OUTPUT -p tcp --dport 22 -j DROP
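The single rule in the answer only stops outbound port 22; a process that picks another port walks straight past it. The script below is an added example, not code from the answer or the asker, showing the defender's alternative: a default-deny OUTPUT chain for a NGINX+PHP-FPM+MySQL host that keeps loopback (where MySQL is reached), established sessions, DNS and root's outbound HTTP/HTTPS working, and logs every blocked attempt together with the uid of the process that made it, which is what lets you find the process the asker could not catch. The resolver address, the allowed ports, the log prefix and the uid 33 in the sample log lines are assumptions for illustration, and the kernel log lines are constructed in the format iptables' LOG target with --log-uid writes.

```shell
#!/bin/sh
# Added example (not from the answer above): default-deny egress for a
# NGINX + PHP-FPM + MySQL host, plus a parser for the resulting kernel log.
# Every address, port and uid below is an assumption for illustration.

DNS_SERVER="${DNS_SERVER:-192.0.2.53}"   # hypothetical resolver; use your real one
ALLOW_TCP_PORTS="80 443"                 # what root (apt, curl) may reach outbound
LOG_PREFIX="EGRESS-DROP: "

# egress_rules CMD  - emit the rules through CMD ("iptables" to apply,
# "echo" to preview). Order matters: loopback and established traffic are
# accepted before the catch-all DROP, so the admin's existing SSH session
# survives applying the policy and MySQL on localhost keeps working.
egress_rules() {
    cmd="$1"
    "$cmd" -A OUTPUT -o lo -j ACCEPT
    "$cmd" -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # DNS only to the configured resolver
    "$cmd" -A OUTPUT -p udp -d "$DNS_SERVER" --dport 53 -j ACCEPT
    "$cmd" -A OUTPUT -p tcp -d "$DNS_SERVER" --dport 53 -j ACCEPT
    # Root may open new connections to the allowed ports; the web user
    # (php-fpm, nginx) gets no rule here and therefore falls through to DROP.
    for p in $ALLOW_TCP_PORTS; do
        "$cmd" -A OUTPUT -p tcp --dport "$p" -m owner --uid-owner root -j ACCEPT
    done
    # Log blocked attempts with the owning uid (rate-limited), then drop.
    "$cmd" -A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "$LOG_PREFIX" --log-uid
    "$cmd" -A OUTPUT -j DROP
}

# Constructed kernel log lines in the shape LOG --log-uid produces (UID=/GID=
# appended); uid 33 stands for the web user on a hypothetical Debian host.
SAMPLE_KLOG='Jan 14 02:11:05 shared03 kernel: EGRESS-DROP: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=41234 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 UID=33 GID=33
Jan 14 02:11:06 shared03 kernel: EGRESS-DROP: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=41235 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 UID=33 GID=33
Jan 14 02:11:09 shared03 kernel: EGRESS-DROP: IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=41240 DPT=6667 WINDOW=64240 RES=0x00 SYN URGP=0 UID=33 GID=33'

# summarize_drops - read kernel log lines on stdin and print
# "uid destination dport count", most frequent first. The uid column is
# the lead: `getent passwd <uid>` names the account the process runs as.
summarize_drops() {
    awk '/EGRESS-DROP:/ {
        uid = ""; dst = ""; dpt = "";
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/) uid = substr($i, 5);
            else if ($i ~ /^DST=/) dst = substr($i, 5);
            else if ($i ~ /^DPT=/) dpt = substr($i, 5);
        }
        if (uid != "") n[uid " " dst " " dpt]++;
    }
    END { for (k in n) print k, n[k] }' | sort -k4,4nr
}

# Usage:  sh egress.sh preview        (print the rules)
#         sh egress.sh apply          (install them; run as root)
#         sh egress.sh summary < /var/log/kern.log
case "${1:-}" in
    apply)   egress_rules iptables ;;
    preview) egress_rules echo ;;
    summary) summarize_drops ;;
esac
```

Once the policy is in place, the blocked attempts appear in the kernel log at the moment the process fires, even at night, and the UID field tells you whether it is the web user (which points at a compromised PHP file under the site) or root. Persist the rules with your distribution's iptables-save mechanism, and add an ACCEPT for the web user only if the site genuinely needs to call an external API, ideally restricted to that destination.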
