Help - Search - Members - Calendar
Full Version: should i be worried
The Planet Forums > Operating Systems > Others
ns1
Sep 18 2007, 05:44 AM
this is what i found in /var/log/messages:

Sep 17 16:14:33 new pure-ftpd: (?@72.243.189.26) [INFO] New connection from 72.243.189.26
Sep 17 16:14:33 new last message repeated 4 times
Sep 17 16:14:34 new pure-ftpd: (?@72.243.189.26) [INFO] Anonymous user logged in
Sep 17 16:14:34 new pure-ftpd: (?@72.243.189.26) [INFO] Anonymous user logged in
Sep 17 16:14:34 new pure-ftpd: (?@72.243.189.26) [INFO] Anonymous user logged in the virtual FTP: 74.52.77.170
Sep 17 16:14:34 new pure-ftpd: (?@72.243.189.26) [INFO] Anonymous user logged in the virtual FTP: 74.52.77.171
Sep 17 16:14:34 new pure-ftpd: (?@72.243.189.26) [INFO] Anonymous user logged in the virtual FTP: 74.52.77.174
Sep 17 16:14:34 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /RECYCLER/: Permission denied
Sep 17 16:14:34 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /RECYCLER/: No such file or directory
Sep 17 16:14:34 new last message repeated 3 times
Sep 17 16:14:34 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /public/: Permission denied
Sep 17 16:14:34 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /public/: No such file or directory
Sep 17 16:14:34 new last message repeated 3 times
Sep 17 16:14:34 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /public/incoming/: Permission denied
Sep 17 16:14:34 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /public/incoming/: No such file or directory
Sep 17 16:14:34 new last message repeated 3 times
Sep 17 16:14:34 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /incoming/: Permission denied
Sep 17 16:14:34 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /incoming/: No such file or directory
Sep 17 16:14:34 new last message repeated 2 times
Sep 17 16:14:35 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /mail/: No such file or directory
Sep 17 16:14:35 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /ftproot/: No such file or directory
Sep 17 16:14:35 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /upload/ /: No such file or directory
Sep 17 16:14:35 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /mail/: Permission denied
Sep 17 16:14:35 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /mail/: No such file or directory
Sep 17 16:14:35 new last message repeated 2 times
Sep 17 16:14:35 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /pub/incoming/: No such file or directory
Sep 17 16:14:35 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /ftproot/: Permission denied
Sep 17 16:14:35 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /ftproot/: No such file or directory
Sep 17 16:14:35 new last message repeated 2 times
Sep 17 16:14:35 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /upload/: No such file or directory
Sep 17 16:14:36 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /upload/ /: Permission denied
Sep 17 16:14:36 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /upload/ /: No such file or directory
Sep 17 16:14:36 new last message repeated 2 times
Sep 17 16:14:36 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /in/: No such file or directory
Sep 17 16:14:36 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /web/: No such file or directory
Sep 17 16:14:36 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /pub/incoming/: Permission denied
Sep 17 16:14:36 new pure-ftpd: (ftp@72.243.189.26) [INFO] Can't change directory to /pub/incoming/: No such file or directory
Sep 17 16:14:36 new last message repeated 2 times
Martyn Dale
Sep 18 2007, 11:27 PM
Well its not a hack attempt persay, but at the same time, its not innocent. It will just be a bot going along trying random IP's trying to get access to things anonymously, or with standard user/pass combinations.

It only shows a login via the anonymous user, so if you have nothing in that virtual FTP directory of importance, you will be safe. Unless you need it however, i would disable the autonomous FTP user.

If you dont need it, just disable FTP all together. I personally stick with the likes of SCP for added security.

Really what it comes down to is what you use your server for, and who and how many need access
Tomy Durden
Sep 19 2007, 01:58 AM
Judging by the timestamps, it was an automated attempt at something. Possible attempt to exploit, maybe just a web search spider. I know there's a few out there specialized in spidering FTP servers.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.