Services flood coming from servers ip address? Help!
For the last 32 hours now we have been getting connections on all our services ports from our own servers ip address, its very strange I found a user with a strange looking cronjob which I have disabled as it was running every minute.
Here is what my messages log looks like..
Dec 31 21:49:52 server2 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Dec 31 21:49:52 server2 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Dec 31 21:49:52 server2 pure-ftpd: (?@85.234.136.248) [INFO] New connection from 85.234.136.248
Dec 31 21:49:52 server2 pure-ftpd: (?@85.234.136.248) [INFO] Logout.
Dec 31 21:49:52 server2 pure-ftpd: (?@85.234.136.248) [INFO] New connection from 85.234.136.248
Dec 31 21:49:52 server2 pure-ftpd: (?@85.234.136.248) [INFO] Logout.
Dec 31 21:49:52 server2 pure-ftpd: (?@85.234.136.248) [INFO] New connection from 85.234.136.248
Dec 31 21:49:52 server2 pure-ftpd: (?@85.234.136.248) [INFO] Logout.
Dec 31 21:49:53 server2 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Dec 31 21:49:53 server2 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Dec 31 21:49:53 server2 pure-ftpd: (?@85.234.136.248) [INFO] New connection from 85.234.136.248
Dec 31 21:49:53 server2 pure-ftpd: (?@85.234.136.248) [INFO] Logout.
Dec 31 21:49:53 server2 pure-ftpd: (?@85.234.136.248) [INFO] New connection from 85.234.136.248
Dec 31 21:49:53 server2 pure-ftpd: (?@85.234.136.248) [INFO] Logout.
Dec 31 21:49:53 server2 pure-ftpd: (?@85.234.136.248) [INFO] New connection from 85.234.136.248
Dec 31 21:49:53 server2 pure-ftpd: (?@85.234.136.248) [INFO] Logout.
Dec 31 21:49:54 server2 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Dec 31 21:49:54 server2 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
And it goes on, and im guessing this is what its like for all the services running on my server?
Anyone have any ideas?
