[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Is someone getting in on my FTP?

Subject: Re: [cobalt-security] Is someone getting in on my FTP?
From: alan macdonald <webmaster@xxxxxxxxxxxxxxx>
Date: Thu, 27 Jun 2002 17:58:27 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi,

OK, thanks. Anon FTP has been off since minute one. :) Along with justabout everything else.


I've calmed down a lot since I had a quick look around my system.

Modified logcheck.sh to include
$LOGTAIL /var/log/auth >> $TMPDIR/check.$$

so I can monitor that.

Jeez, sometimes too much information is a bad thing. Sheesh. So manymessages - I know I'm going to be living on google tomorrow to find outwhat they all mean. It's all very well having all these messages drop in myinbox, but I gotta know what they mean, and whether they are good or bad.


Still, mustn't grumble :)

At 11:47 27/06/2002 -0500, you wrote:

> Jun 27 17:27:52 ns proftpd[24661]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session closed.

It's some cl0wn scanning your ftp server. Typically they're looking for an
anonymous ftp server to load up with warez. There are whole net blocks that
I've blocked with tcp-wrappers to cut down on this stuff.


rgds

Alan MacDonald
--
Webmaster - aceposition.com
webmaster@xxxxxxxxxxxxxxx
+353 51 855 939

References:
- [cobalt-security] Is someone getting in on my FTP?
  - From: Alan MacDonald
- Re: [cobalt-security] Is someone getting in on my FTP?
  - From: Jay Summers

Prev by Date: Re: [cobalt-security] glibc update & other patches
Next by Date: Re: [cobalt-security] RaQ3-RaQ4-OpenSSH-3.4p1-1.pkg
Previous by thread: Re: [cobalt-security] Is someone getting in on my FTP?
Next by thread: Re: [cobalt-security] Is someone getting in on my FTP?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index