Can someone tell me why I'm getting hundreds of these emails (below) weekly, and how to prevent it from happening again, please?
I just blocked IP 50.22.179.3 but I'm not sure if this is the solution. Thank you very much.
Time: Wed Dec 11 05:17:24 2013 -0500
UID: 619 (ramyhids)
Hits: 11
Sample of port hits:
Dec 11 05:16:53 ns1 kernel: [18267384.868562] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=MYVPSIP DST=50.22.179.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=960 DF PROTO=TCP SPT=56151 DPT=31000 WINDOW=14600 RES=0x00 SYN URGP=0 UID=619 GID=617
Dec 11 05:16:54 ns1 kernel: [18267385.867969] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=MYVPSIP DST=50.22.179.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=961 DF PROTO=TCP SPT=56151 DPT=31000 WINDOW=14600 RES=0x00 SYN URGP=0 UID=619 GID=617
Dec 11 05:16:56 ns1 kernel: [18267387.867283] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=MYVPSIP DST=50.22.179.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=962 DF PROTO=TCP SPT=56151 DPT=31000 WINDOW=14600 RES=0x00 SYN URGP=0 UID=619 GID=617
Dec 11 05:17:02 ns1 kernel: [18267394.032005] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=MYVPSIP DST=50.22.179.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35023 DF PROTO=TCP SPT=56445 DPT=31000 WINDOW=14600 RES=0x00 SYN URGP=0 UID=619 GID=617
Dec 11 05:17:03 ns1 kernel: [18267395.031850] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=MYVPSIP DST=50.22.179.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35024 DF PROTO=TCP SPT=56445 DPT=31000 WINDOW=14600 RES=0x00 SYN URGP=0 UID=619 GID=617
Dec 11 05:17:05 ns1 kernel: [18267397.031119] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=MYVPSIP DST=50.22.179.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35025 DF PROTO=TCP SPT=56445 DPT=31000 WINDOW=14600 RES=0x00 SYN URGP=0 UID=619 GID=617
Dec 11 05:17:12 ns1 kernel: [18267404.031551] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=MYVPSIP DST=50.22.179.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29376 DF PROTO=TCP SPT=56717 DPT=31000 WINDOW=14600 RES=0x00 SYN URGP=0 UID=619 GID=617
Dec 11 05:17:13 ns1 kernel: [18267405.030481] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=MYVPSIP DST=50.22.179.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29377 DF PROTO=TCP SPT=56717 DPT=31000 WINDOW=14600 RES=0x00 SYN URGP=0 UID=619 GID=617
Dec 11 05:17:15 ns1 kernel: [18267407.030323] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=MYVPSIP DST=50.22.179.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29378 DF PROTO=TCP SPT=56717 DPT=31000 WINDOW=14600 RES=0x00 SYN URGP=0 UID=619 GID=617
Dec 11 05:17:22 ns1 kernel: [18267414.158337] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=MYVPSIP DST=50.22.179.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57285 DF PROTO=TCP SPT=56985 DPT=31000 WINDOW=14600 RES=0x00 SYN URGP=0 UID=619 GID=617
Dec 11 05:17:23 ns1 kernel: [18267415.158868] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=MYVPSIP DST=50.22.179.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57286 DF PROTO=TCP SPT=56985 DPT=31000 WINDOW=14600 RES=0x00 SYN URGP=0 UID=619 GID=617
fd on ns1.MyHost.com: UID 619 (ramyhids) Tracking Hit
Re: fd on ns1.MyHost.com: UID 619 (ramyhids) Tracking Hit
I was seeing the same traffic on a server. In our case, this was caused by a WordPress plugin called all-in-one-event-calendar that was sending statistics to aggregator[dot]time[dot]ly.
Re: fd on ns1.MyHost.com: UID 619 (ramyhids) Tracking Hit
Please, how did you find the PHP script that caused this tracking hit?
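An added example, not part of any post in this thread: a small Python triage script for `*TCP_OUT Blocked*` kernel lines like those in the alert email in the first post. It groups packets by UID, destination and port, and counts distinct source ports to separate real connection attempts from SYN retransmissions. The sample lines are constructed (documentation-range addresses), and the function name `summarize` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the same field format as the alert email above.
# Addresses come from documentation ranges; they are not real hosts.
SAMPLE = """\
Dec 11 05:16:53 ns1 kernel: [1.0] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=56151 DPT=31000 SYN URGP=0 UID=619 GID=617
Dec 11 05:16:54 ns1 kernel: [2.0] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=56151 DPT=31000 SYN URGP=0 UID=619 GID=617
Dec 11 05:16:56 ns1 kernel: [4.0] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=56151 DPT=31000 SYN URGP=0 UID=619 GID=617
Dec 11 05:17:02 ns1 kernel: [10.0] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=56445 DPT=31000 SYN URGP=0 UID=619 GID=617
Dec 11 05:17:03 ns1 kernel: [11.0] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=56445 DPT=31000 SYN URGP=0 UID=619 GID=617
Dec 11 05:18:00 ns1 kernel: [68.0] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=40100 DPT=8080 SYN URGP=0 UID=620 GID=620
Dec 11 05:18:05 ns1 kernel: [73.0] Firewall: *TCP_IN Blocked* IN=venet0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=50000 DPT=23 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (IN=)

def summarize(text):
    """Group blocked outbound packets by (UID, DST, DPT).

    Returns {(uid, dst, dpt): {"packets": n, "attempts": m}}.
    "attempts" is the number of distinct source ports, i.e. separate
    connection attempts; the other packets are SYN retries of those.
    """
    groups = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in text.splitlines():
        if "_OUT Blocked*" not in line:      # skip inbound and unrelated lines
            continue
        f = dict(FIELD.findall(line))
        if not {"UID", "DST", "DPT", "SPT"} <= f.keys():
            continue                         # no owning UID logged for this packet
        g = groups[(f["UID"], f["DST"], f["DPT"])]
        g["packets"] += 1
        g["ports"].add(f["SPT"])
    return {k: {"packets": v["packets"], "attempts": len(v["ports"])}
            for k, v in groups.items()}

if __name__ == "__main__":
    for (uid, dst, dpt), s in sorted(summarize(SAMPLE).items()):
        print(f"UID {uid} -> {dst}:{dpt}  packets={s['packets']} attempts={s['attempts']}")
```

A UID that keeps retrying the same destination and port at a steady interval points to a scheduled or per-request job running under that account rather than a one-off event.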