[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FTP Hacker question

Subject: FTP Hacker question
From: Matt Mashyna <email@hidden>
Date: Tue, 20 Feb 2007 10:07:53 -0500
Delivered-to: email@hidden
Delivered-to: email@hidden

When I leave my FTP service up for a while I collect ftpd processes. It looks like robots trying to break in. Server Admin tells me that I have X authenticated users but the log shows nothing. I have logging turned all the way up but I don't see anything going on. How can I see what's really happening. Here's an example from the terminal:

root# ps -aux | grep ftp root 1676 0.0 0.1 28132 1308 ?? S 9:22AM 0:00.11 ftpd: stat.vandussen.com: connected: IDLE root 2009 0.0 0.1 28132 1316 ?? S 9:36AM 0:00.11 ftpd: 216-241-50-251.static-ip.telepacifi

Watch as I kill them...

root# kill 1676 2009

And they come right back!

root# ps -aux | grep ftp root 2138 0.0 0.0 27244 448 ?? Ss 9:43AM 0:00.01 /usr/libexec/launchproxy xftpd -a root 2139 0.0 0.1 28132 1320 ?? S 9:43AM 0:00.11 ftpd: stat.vandussen.com: connected: IDLE root 2140 0.0 0.1 28132 1320 ?? S 9:43AM 0:00.10 ftpd: 216-241-50-251.static-ip.telepacifi

Any ideas ? I sure would like to close this hole. I can't understand how they can be authenticated but not show up in a log.


Thanks,
Matt
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: FTP Hacker question
  - From: Dan Shoop <email@hidden>
- Re: FTP Hacker question
  - From: Jeremy Bush <email@hidden>

Prev by Date: Re: long delay/hang?
Next by Date: LDAP Binding failed, Startup freeze
Previous by thread: no access to network home directories if pw type is Open Directory
Next by thread: Re: FTP Hacker question
Index(es):
- Date
- Thread

Home