China Attacks
Hello all, for several months I have been getting different scans from China IPs on a server, which overload the CPU to 10-20 for a short time, and then it goes back to normal. I already block those IPs with the firewall, but after 2-3 days scans come from another IP, and so on. I also get scans from Korea and Iran. They simply scan the IPs of that server, which brings the load high... I see the following in the logs:
---------
May 15 14:45:18 server kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=00:01:02:9b:3f:86:00:02:85:0d:7c:80:08:00 SRC=61.152.239.17 DST=00.00.00.00 LEN=389 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=36822 DPT=1026 LEN=369
---------
PS: DST=00.00.00.00 are the IPs of the server that have been scanned.
I also have the following in the log:
[Thu May 19 14:01:04 2005] [warn] child process 19017 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19018 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19022 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19039 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19027 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19034 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19035 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19041 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19044 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19046 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19048 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19049 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19051 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19060 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19061 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19062 still did not exit, sending a SIGTERM
[Thu May 19 14:01:04 2005] [warn] child process 19014 still did not exit, sending a SIGTERM
and so on...
Is there any way to block these scans? And is there a way to know which processes did not exit, sending a SIGTERM?
I have a cPanel server with CentOS 3.3 and kernel version:
2.6.9 #1 Tue Jan 11 22:53:20 CET 2005 i686 i686 i386 GNU/Linux
Thanks for any help.
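
The dropped-packet entries quoted in the post use the netfilter LOG `KEY=value` layout. As an added example (not part of the original post), the script below parses such lines and groups drops by source, marking any source that probed several local addresses. The sample lines, the documentation-range addresses and the `min_targets` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the entries quoted in the post.
# All addresses are RFC 5737 documentation ranges, not real hosts.
PFX = "server kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=00:01:02:9b:3f:86:00:02:85:0d:7c:80:08:00 "
TAIL = " LEN=389 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=36822 DPT=%s LEN=369"
SAMPLE_LOG = "\n".join([
    "May 15 14:45:18 " + PFX + "SRC=203.0.113.17 DST=192.0.2.10" + TAIL % "1026",
    "May 15 14:45:19 " + PFX + "SRC=203.0.113.17 DST=192.0.2.11" + TAIL % "1026",
    "May 15 14:45:19 " + PFX + "SRC=203.0.113.17 DST=192.0.2.12" + TAIL % "1026",
    "May 15 14:50:02 " + PFX + "SRC=198.51.100.5 DST=192.0.2.10" + TAIL % "1027",
    "[Thu May 19 14:01:04 2005] [warn] child process 19017 still did not exit, sending a SIGTERM",
])

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of one netfilter LOG line, or None."""
    if "kernel:" not in line or "SRC=" not in line:
        return None  # not a firewall log entry (e.g. an Apache error_log line)
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # keep the first LEN (IP length), not the UDP one
    return fields

def summarize(text, min_targets=2):
    """Group drops by source IP; 'sweep' marks sources that hit several local IPs."""
    stats = defaultdict(lambda: {"packets": 0, "targets": set(), "ports": set()})
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        s = stats[f["SRC"]]
        s["packets"] += 1
        s["targets"].add(f.get("DST", "-"))
        s["ports"].add((f.get("PROTO", "-"), f.get("DPT", "-")))
    return {src: {"packets": s["packets"],
                  "targets": sorted(s["targets"]),
                  "ports": sorted(s["ports"]),
                  "sweep": len(s["targets"]) >= min_targets}
            for src, s in stats.items()}

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```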