09-01-2009
FTP logfile shows strange activity at login
Has anyone seen this, or does anyone know what is causing this FTP log file line item?
3 times when I successfully logged into FTP today, the log file shows a server response of a wrong password (530) to an IP address that is not mine... Below are FTP Log-file entries. I have removed my username & IP address:
[2009/09/01 09:46:28] my_username 75.MY.IP.XXX: C="USER my_username" B=- S=331
[2009/09/01 09:46:28] my_username 74.9.212.42: C="PASS (hidden)" B=- S=530
[2009/09/01 09:46:30] my_username 75.MY.IP.XXX: C="PASS (hidden)" B=- S=230
[2009/09/01 09:46:30] my_username 75.MY.IP.XXX: C="FEAT" B=- S=211
-----------
[2009/09/01 10:13:39] my_username 75.MY.IP.XXX: C="USER my_username" B=- S=331
[2009/09/01 10:13:39] my_username 206.174.127.8: C="PASS (hidden)" B=- S=530
[2009/09/01 10:13:41] my_username 75.MY.IP.XXX: C="PASS (hidden)" B=- S=230
[2009/09/01 10:13:41] my_username 75.MY.IP.XXX: C="FEAT" B=- S=211
-----------
[2009/09/01 10:28:15] my_username 75.MY.IP.XXX: C="USER my_username" B=- S=331
[2009/09/01 10:28:15] my_username 69.229.165.99: C="PASS (hidden)" B=- S=530
[2009/09/01 10:28:17] my_username 75.MY.IP.XXX: C="PASS (hidden)" B=- S=230
[2009/09/01 10:28:17] my_username 75.MY.IP.XXX: C="FEAT" B=- S=211
-----------
Line 1: server acknowledges good username (331) from my IP address.
Line 2: always at the same time stamp, the server tells someone else's IP address (associated with various ISPs around the country) that the password was refused (530).
Line 3: a few seconds later, the password I sent is accepted (230) from my IP address.
Line 4: my FTP client successfully starts its session...
Any ideas what's causing this would be appreciated!
Thank you.
Last edited by bricolage; 09-01-2009 at 11:05 PM..
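The pattern described in the post can be searched for across a whole log file. The following is an added example, not part of the original post or of any FTP server's tooling: it parses the log format shown above and flags a 530 reply to PASS that is logged for a different IP than the one whose USER command was just accepted for the same account. The sample log, the account names, the documentation-range addresses and the 5-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# One log entry: [timestamp] user ip: C="COMMAND args" B=bytes S=status
LINE_RE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\] (?P<user>\S+) (?P<ip>\S+): '
    r'C="(?P<cmd>[A-Z]+)[^"]*" B=\S+ S=(?P<status>\d{3})$')

# Constructed sample in the post's format (documentation-range addresses).
SAMPLE_LOG = """\
[2009/09/01 09:46:28] alice 192.0.2.10: C="USER alice" B=- S=331
[2009/09/01 09:46:28] alice 198.51.100.7: C="PASS (hidden)" B=- S=530
[2009/09/01 09:46:30] alice 192.0.2.10: C="PASS (hidden)" B=- S=230
[2009/09/01 09:46:30] alice 192.0.2.10: C="FEAT" B=- S=211
-----------
[2009/09/01 11:02:03] bob 192.0.2.20: C="USER bob" B=- S=331
[2009/09/01 11:02:05] bob 192.0.2.20: C="PASS (hidden)" B=- S=530
[2009/09/01 11:02:07] bob 192.0.2.20: C="USER bob" B=- S=331
[2009/09/01 11:02:09] bob 192.0.2.20: C="PASS (hidden)" B=- S=230
"""

def parse(text):
    """Yield parsed entries; separator and malformed lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
            yield entry

def find_foreign_failures(text, window=timedelta(seconds=5)):
    """Flag 530 PASS replies logged for an IP other than the one whose USER
    command was accepted (331) for the same account within `window`."""
    pending = {}    # user -> (ip, ts) of the most recent accepted USER
    findings = []
    for e in parse(text):
        user, ip = e["user"], e["ip"]
        if e["cmd"] == "USER" and e["status"] == "331":
            pending[user] = (ip, e["ts"])
        elif e["cmd"] == "PASS" and user in pending:
            login_ip, started = pending[user]
            in_window = timedelta(0) <= e["ts"] - started <= window
            if e["status"] == "530" and ip != login_ip and in_window:
                findings.append({"user": user, "login_ip": login_ip,
                                 "foreign_ip": ip, "at": e["ts"],
                                 "login_completed": False})
            elif e["status"] == "230" and ip == login_ip:
                for f in findings:      # the original client still logged in
                    if f["user"] == user and f["at"] >= started:
                        f["login_completed"] = True
                del pending[user]
    return findings
```

A mistyped password from the same address (the `bob` entries) is not flagged; only a failure attributed to a second address during another client's login is.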
ftpusers
FTPUSERS(5) Linux Programmer's Manual FTPUSERS(5)
NAME
ftpusers - list of users that may not log in via the FTP daemon
DESCRIPTION
The text file ftpusers contains a list of users that may not log in using the File Transfer Protocol (FTP) server daemon. This file is
used not merely for system administration purposes but for improving security within a TCP/IP networked environment. It will typically
contain a list of the users that either have no business using ftp or have too many privileges to be allowed to log in through the FTP
server daemon. Such users usually include root, daemon, bin, uucp, and news. If your FTP server daemon doesn't use ftpusers then it is
suggested that you read its documentation to find out how to block access for certain users. Washington University FTP server Daemon
(wuftpd) and Professional FTP Daemon (proftpd) are known to make use of ftpusers.
Format
The format of ftpusers is very simple. There is one account name (or username) per line. Lines starting with a # are ignored.
FILES
/etc/ftpusers
SEE ALSO
passwd(5), proftpd(8), wuftpd(8)
COLOPHON
This page is part of release 3.53 of the Linux man-pages project. A description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.
Linux 2000-08-27 FTPUSERS(5)
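The file format described in the man page above lends itself to a simple audit. The following is an added example, not part of the man page or of any FTP daemon: it parses `ftpusers` and `passwd(5)` text and reports system accounts that are not denied FTP login, plus `ftpusers` entries that match no account. The UID cutoff of 1000, the skipping of blank lines, and both sample files are assumptions constructed for illustration.

```python
def parse_ftpusers(text):
    """One account name per line; lines starting with # are ignored.
    Blank lines are skipped as well (an assumption, not stated in the page)."""
    names = set()
    for line in text.splitlines():
        if line.startswith("#") or not line.strip():
            continue
        names.add(line.strip())
    return names

def parse_passwd(text):
    """Return {account name: uid} from passwd(5)-formatted text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts

def audit(ftpusers_text, passwd_text, system_uid_below=1000):
    """Return (system accounts not denied FTP, ftpusers entries with no account).
    system_uid_below is an assumed cutoff; adjust it to the local convention."""
    denied = parse_ftpusers(ftpusers_text)
    accounts = parse_passwd(passwd_text)
    not_denied = sorted(name for name, uid in accounts.items()
                        if uid < system_uid_below and name not in denied)
    unknown = sorted(name for name in denied if name not in accounts)
    return not_denied, unknown

# Constructed samples: "uucp" is commented out and "news" is misspelled.
SAMPLE_FTPUSERS = """\
# accounts denied FTP login
root
daemon
bin
#uucp
nwes
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
news:x:9:13:news:/etc/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/bash
"""

if __name__ == "__main__":
    missing, unknown = audit(SAMPLE_FTPUSERS, SAMPLE_PASSWD)
    print("system accounts not denied FTP:", missing)
    print("ftpusers entries with no account:", unknown)
```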