[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] ProFTP security probs?

Subject: [cobalt-users] ProFTP security probs?
From: vic@xxxxxxxxxxxxxxx
Date: Mon Aug 21 23:10:39 2000

We have a Raq3i.  After installing the OS updates this last weekend 
everything is running ok.

But now, all kinds of people are tryin to hack into the server (or so I 
think) via proftp.  Ill paste a couple of selections from the log:

Aug 21 11:56:13 www sshd[27400]: log: Connection from 
206.133.213.239 port 4723
Aug 21 11:56:13 www sshd[27400]: log: reverse mapping checking 
gethostbyname for sdn-ar-002cavictp333.dialsprint.net failed - 
POSSIBLE BREAKIN ATTEMPT!

and many like the following:

Aug 21 02:31:03 www proftpd[15852]: 216.122.146.91 
(1Cust101.tnt1.bellingham.wa.da.uu.net[63.28.105.101]) - FTP 
session closed. 
Aug 21 02:31:25 www proftpd[15877]: 216.122.146.91 
(1Cust101.tnt1.bellingham.wa.da.uu.net[63.28.105.101]) - USER 
anonymous (Login failed): Can't find user. 
Aug 21 02:31:26 www proftpd[15877]: 216.122.146.91 
(1Cust101.tnt1.bellingham.wa.da.uu.net[63.28.105.101]) - FTP 
session closed. 
Aug 21 02:31:57 www proftpd[15878]: 216.122.146.91 
(1Cust101.tnt1.bellingham.wa.da.uu.net[63.28.105.101]) - USER 
anonymous (Login failed): Can't find user

Are a bunch of script kiddies tryin to hack my server?  Is there 
anyone who could look at the entire log and possibly tell me what 
security messages I need? (log is 450K)

Regards,

Vic Chisnell
vic@xxxxxxxxxxxxxxx
webmaster@xxxxxxxxxxxxxxx

Follow-Ups:
- Re: [cobalt-users] ProFTP security probs?
  - From: Seth Mos

Prev by Date: Re: [cobalt-users] OpenSSH How to use
Next by Date: [cobalt-users] Restarting SSL
Previous by thread: RE: [cobalt-users] Catch all email on RAQ 3
Next by thread: Re: [cobalt-users] ProFTP security probs?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index