I think somebody may be trying to do bad things to my server! I don't understand how RPC works, so maybe this is way off base and I'm being paranoid, but I thought I'd present it to the masses...
I am occasionally getting messages in /var/log/messages that read:
Is this a case where somebody is trying to use malicious commands to screw up the server? Regardless of whether or not it's a hack attempt, I don't think anything is using rpc's so I'm wondering if I should disable it, and if so, how? This is a RH6.2 box with Apache/PHP4, sendmail, PostGreSQL and SSH. Any help would be greatly appreciated!
I am occasionally getting messages in /var/log/messages that read:
Code:
Feb 2 11:59:13 milhouse 173>Feb 2 05:59:13 rpc.statd[332]: gethostbyname error for ^Xw^??^Xw^??^Yw^??^Y....
Feb 2 11:59:13 milhouse GF^D/shA0@^HF^G^Iv^L^MV^P^MN^L^Is0^KMIs this a case where somebody is trying to use malicious commands to screw up the server? Regardless of whether or not it's a hack attempt, I don't think anything is using rpc's so I'm wondering if I should disable it, and if so, how? This is a RH6.2 box with Apache/PHP4, sendmail, PostGreSQL and SSH. Any help would be greatly appreciated!