Tracking hit - UDP OUT flood?

Posted: 29 Sep 2013, 09:26
by filth80
Hello,

What is this all about? We receive this when our clients install a new San Andreas server.

We receive this email:

Sample of port hits:
Sep 29 11:03:10 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.*.* DST=83.103.133.168 LEN=117 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=52209 LEN=97 UID=32043 GID=32044
Sep 29 11:03:12 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.*.* DST=83.103.133.168 LEN=43 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=52209 LEN=23 UID=32043 GID=32044

There are many IPs; I provided only the first 2 lines.

And we have this in /var/log/lfd.log

Sep 29 11:02:05 server1 lfd[24302]: *UID Tracking* 11 blocks for UID 32043 (username)
Sep 29 11:02:25 server1 lfd[24431]: *UID Tracking* 11 blocks for UID 32043 (username)

I hardly believe this could be an outgoing flood, because this started since the last csf update, and this thing happens on many of our clients, not just one.

Re: Tracking hit - UDP OUT flood?

Posted: 11 Feb 2015, 05:01
by vinnyvrj2
What does this mean?
UID Tracking* 11 blocks for UID 535 (fluffey)
Is there anything else I need to do to the csf with the new update? I am trying hard to make it, and I have a nasty ISP, Comcast, that is, I believe, hacking my modem trying to get into CSF and my server. When I call them, all of a sudden my service goes back on really fast.
So are you saying I am flooding out to the internet? I am lost. I have to block a CIDR range because of people signing in with a WordPress site with the same network IP. I don't know who spamavert is, although I believe they are not a real spam agency like Spamhaus. So I created filters in cPanel and I used BoxTrapper to .+\spamavert.\com; I also put some names in SpamAssassin. Can anyone help me? I am trying hard to build a social network and it's mine. I am not making any money yet; if I was, I would be paying CSF for the wonderful work they are doing to protect us. Although I may soon be selling some WP themes at avthemes, welcome to look. Also I have a few set up at ventnames; no sales yet, it's been tough. I guess I am about to look for a job. I am trying to keep the faith though. Can anyone tell me what this 11 blocks is, if you can, and what am I flooding out to?

Kind regards Vinny

Re: Tracking hit - UDP OUT flood?

Posted: 04 Mar 2015, 13:24
by postcd
CSF is showing you an IP which triggered this blocking; you can check what this IP is. Just google IP lookup. For example, myip.ms can tell more details.

Also I think it tells you the IP is 83.103.133.168. SPT and DPT is maybe source port and destination port, so it can tell you what service is running on that port. But I think the most important thing for realizing what this block is about is the csf email subject (Tracking Hit), so we can go to the CSF configuration and search for the "tracking" phrase, but there are too many results, so not sure which CSF setting this refers to..?

Re: Tracking hit - UDP OUT flood?

Posted: 05 Mar 2015, 16:17
by Sergio
*UDP_OUT Blocked* means that CSF is blocking anyone trying to access a port that has not been allowed to be accessed.
SPT means source port. So, the one on that IP is using port 7777 to connect to your server.
DPT means destination port. So, that IP is trying to connect to port 52209.

Do you have any special setting that uses port 52209 in UDP?
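
An added example, not part of the original thread: a small Python parser for the *UDP_OUT Blocked* kernel lines quoted in the first post, grouping blocked packets by the UID, local port and remote endpoint that were logged. The function names are illustrative; it relies on the standard iptables LOG layout, where an empty IN= together with a set OUT= marks a packet leaving the host, so SRC/SPT are the local side and DST/DPT the remote side.

```python
import re
from collections import Counter

# The two kernel log lines quoted in the first post (SRC is masked there).
SAMPLE = """\
Sep 29 11:03:10 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.*.* DST=83.103.133.168 LEN=117 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=52209 LEN=97 UID=32043 GID=32044
Sep 29 11:03:12 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.*.* DST=83.103.133.168 LEN=43 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=52209 LEN=23 UID=32043 GID=32044
"""

PREFIX = re.compile(r"Firewall: \*(\w+) Blocked\*")  # log prefix, e.g. UDP_OUT
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")              # KEY=value pairs, value may be empty


def parse_line(line):
    """Return the fields of one 'Blocked' kernel line as a dict, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"CHAIN": m.group(1)}
    for key, value in FIELD.findall(line[m.end():]):
        # LEN appears twice (IP length, then UDP length); keep the first.
        rec.setdefault(key, value)
    # Empty IN= with OUT= set: the packet was generated locally and is leaving.
    leaving = bool(rec.get("OUT")) and not rec.get("IN")
    rec["DIRECTION"] = "outbound" if leaving else "inbound"
    return rec


def summarize(text):
    """Count blocked outbound packets per (UID, local port, remote IP, remote port)."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["DIRECTION"] == "outbound":
            key = (rec.get("UID"), rec.get("SPT"), rec.get("DST"), rec.get("DPT"))
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for (uid, lport, rip, rport), n in summarize(SAMPLE).most_common():
        print(f"UID {uid}: {n} blocked packets from local port {lport} to {rip}:{rport}")
```

Run over the full log, a single UID and local port sending to many different remote addresses points at one account's process as the source of the blocked traffic; matching the UID against the system's accounts and the local port against that account's listening sockets identifies the program.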