[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Is someone getting in on my FTP?
- Subject: Re: [cobalt-security] Is someone getting in on my FTP?
- From: alan macdonald <webmaster@xxxxxxxxxxxxxxx>
- Date: Thu, 27 Jun 2002 17:58:27 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
OK, thanks. Anon FTP has been off since minute one. :) Along with just
about everything else.
I've calmed down a lot since I had a quick look around my system.
Modified logcheck.sh to include
$LOGTAIL /var/log/auth >> $TMPDIR/check.$$
so I can monitor that.
Jeez, sometimes too much information is a bad thing. Sheesh. So many
messages - I know I'm going to be living on google tomorrow to find out
what they all mean. It's all very well having all these messages drop in my
inbox, but I gotta know what they mean, and whether they are good or bad.
Still, mustn't grumble :)
At 11:47 27/06/2002 -0500, you wrote:
> Jun 27 17:27:52 ns proftpd[24661]: myip.myip.myip.myip
> (dnhz02by24ol.bc.hsia.telus.net[216.232.85.61]) - FTP session closed.
It's some cl0wn scanning your ftp server. Typically they're looking for an
anonymous ftp server to load up with warez. There are whole net blocks that
I've blocked with tcp-wrappers to cut down on this stuff.
rgds
Alan MacDonald
--
Webmaster - aceposition.com
webmaster@xxxxxxxxxxxxxxx
+353 51 855 939