Quote:
Originally Posted by kingkashif
(..) I see on my server some outgoing connections to a couple of IPs. (..) I wonder why is php-fpm process making these http outgoing connections? What are they for? (..) Are any of my scripts making these connections?
Couple of things in random order:
- It's not the first time you've had trouble with servers. In the last thread we suggested you actively verify anything for changes. Unsure if you investigated anything yourself at this point. What did you inspect yourself? System and daemon logs? Docroot and user homes contents?
- A web service only requires outbound new TCP/80 or 443 connections if it needs to load external resources. If none of your scripts need to, you know this is bad news.
- At least one of those remote servers was listed consistently from 2014 on as serving malware, scanning the 'net etc, etc.
- Given where (I think) your web server resides I would find it highly illogical for your web server to access resources on given servers as they're not your average jquery or other such popular resources.
- There are several ways to capture data, for example FPM debug settings (logging) or tcpdump (do use "-s 0" to capture the whole payload).
- If unsure, put up an outbound new TCP/80 or 443 block in your firewall and see what happens.
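
One way to see which php-fpm worker owns the outbound connections asked about above, as an added example that is not part of the original post: it filters `ss -tnp` output (run as root so the process column is filled in) for php-fpm sockets whose peer port is 80 or 443. The function names are hypothetical and the sample lines are constructed, using documentation address ranges.

```shell
#!/bin/sh
# Added example, not from the thread: map outbound web connections to php-fpm PIDs.

# Reads `ss -tnp` output on stdin and prints "pid state peer" for every
# php-fpm socket whose peer port is 80 or 443.
fpm_outbound() {
    awk '
        NR == 1 && $1 == "State" { next }      # skip the header row
        $NF ~ /"php-fpm[^"]*"/ {               # also matches php-fpm7.4 etc.
            n = split($5, part, ":")           # last piece is the port (IPv6 safe)
            port = part[n]
            if (port != "80" && port != "443") next
            pid = "?"
            if (match($NF, /pid=[0-9]+/))
                pid = substr($NF, RSTART + 4, RLENGTH - 4)
            print pid, $1, $5
        }'
}

# Constructed sample of `ss -tnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State    Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB    0      0      192.0.2.10:443       203.0.113.5:51544  users:(("nginx",pid=911,fd=12))
ESTAB    0      0      192.0.2.10:48812     198.51.100.7:80    users:(("php-fpm",pid=2231,fd=9))
SYN-SENT 0      1      192.0.2.10:48820     198.51.100.9:443   users:(("php-fpm",pid=2231,fd=10))
ESTAB    0      0      127.0.0.1:9000       127.0.0.1:40112    users:(("php-fpm",pid=2230,fd=0))
ESTAB    0      0      [2001:db8::10]:50122 [2001:db8::99]:443 users:(("php-fpm7.4",pid=2240,fd=11))
ESTAB    0      0      192.0.2.10:51000     198.51.100.20:3306 users:(("php-fpm",pid=2231,fd=7))
EOF
}

# Demo on the constructed sample; on a live host use:  ss -tnp | fpm_outbound
sample_ss_output | fpm_outbound
```

With a PID in hand, the FPM pool logs and a tcpdump capture filtered to the listed peer address narrow down which script is responsible.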