![]() ![]() Worst case, of course, is something like "your server is totally compromised, your data has been exported to someone else and you will lose access to it or it will be modified in ways you will not like, and your server is being used for illegal purposes that will earn you a visit from the police" - hopefully this isn't the case! Checking that you have up-to-date backups is always good. If so, best case is that they are DNS lookups that your server does to identify incoming connections (that would explain why the connections are being used by the system image). This means that you will not need to wonder what those addresses are connecting to, because there will only be two possibilities.Īnother possibility is that the connections are outgoing. The port for the service you are providing, which is hopefully not a database directly but some web interface, Apache or IIS for example, maybe running on a different machine. The port for your administrative connections, hopefully identified by your static source IP address if you have one Your firewall should allow incoming access to Random people from the Internet should not be allowed to open any kind of connection to your database server. As for your question 2, it is probably not a worm on your server if the connections are all incoming.
0 Comments
Leave a Reply. |