
HP ProLiant DL360E Gen8 - iLo 4

 
FlorinMarian
Occasional Contributor


Hello!

I own an HP ProLiant DL360E Gen8 server colocated in a datacenter.

I've connected iLO with a static IP address, which responds normally to PING, but I cannot access the web interface (s1-admin.***-hosting.ro refused to connect.).

I also tried to reboot the server and reboot the CLI interface via SSH [map1 reset].

Any idea what I should do?

Greetings!

EDIT: Everything was fine until a few days ago; nothing happened in this time, and now I just cannot connect, without any configuration change.

4 REPLIES
FlorinMarian
Occasional Contributor

Re: HP ProLiant DL360E Gen8 - iLo 4

I have news, guys.

I've used an online scanner on my server IP address and I've found that the server got new ports for the web interface.

Scan result:

22/tcp    open  ssh

8081/tcp  open  blackice-icecap

9443/tcp  open  tungsten-https

17988/tcp open  unknown

17990/tcp open  unknown

I had a look at the logs and I didn't find any suspicious login. What happened? Until the last login (a few days ago) the port was 443 [I always tried https].

 

FlorinMarian
Occasional Contributor

Re: HP ProLiant DL360E Gen8 - iLo 4

Update 2: I've found suspect login details [user hp, group hp].

Does anyone else have those login details? I'm pretty sure I didn't have this login before; I didn't add it manually and I had a strong password on the main account.

Any possibility?

Jimmy Vance
HPE Pro

Re: HP ProLiant DL360E Gen8 - iLo 4

Best practices for iLO are to not expose it directly to the Internet. Some port prober/attacker probably locked up the web interface, which is why port 443 is no longer responding.

The ports you have listed are standard known ports for various iLO functionality, with the exception of the missing port 443 for the web interface.


No support by private messages. Please ask the forum! 
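
An added example, not part of the thread and not HPE tooling: the scan output from the second post is compared against an earlier baseline, so that a management port that disappears (443 here) or appears is flagged, together with every port reachable from the Internet at all. The baseline set, the empty exposure allow-list and the function names are assumptions made for illustration.

```python
import re

# Assumed baseline: the thread says the web interface answered on 443 until a
# few days earlier; treating 22 as already open at that time is an assumption.
BASELINE_OPEN = {22, 443}

# Scan lines as posted in the thread ("port/proto state service" rows).
CURRENT_SCAN = """\
22/tcp    open  ssh
8081/tcp  open  blackice-icecap
9443/tcp  open  tungsten-https
17988/tcp open  unknown
17990/tcp open  unknown
"""

PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s*(\S*)")

def parse_open_ports(scan_text):
    """Return {port: service_label} for rows whose state is exactly 'open'."""
    ports = {}
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # headers, blank lines, anything that is not a port row
        port, _proto, state, service = m.groups()
        # 'filtered', 'closed' and 'open|filtered' are not treated as open.
        if state == "open" and 0 < int(port) <= 65535:
            # Without version detection the label is a lookup by port number,
            # not an identification of what is actually listening.
            ports[int(port)] = service or "unknown"
    return ports

def exposure_report(scan_text, baseline, allowed_from_internet=frozenset()):
    """Compare an external scan with a baseline and an exposure policy."""
    current = set(parse_open_ports(scan_text))
    return {
        "appeared": sorted(current - set(baseline)),
        "disappeared": sorted(set(baseline) - current),
        # For a management processor the allow-list is empty by default.
        "exposed": sorted(current - set(allowed_from_internet)),
    }

if __name__ == "__main__":
    for key, ports in exposure_report(CURRENT_SCAN, BASELINE_OPEN).items():
        print(f"{key}: {ports}")
```

Run on a schedule from a vantage point outside the management network, any non-empty list is worth an alert before the interface is next needed.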
FlorinMarian
Occasional Contributor

Re: HP ProLiant DL360E Gen8 - iLo 4

My server got hacked again.

I've found this in the logs, and on lookup I found that the attacker is from China.

What happened? Isn't iLO safe?

http://prntscr.com/ipzsmt