FTP-is this attack?

Discussion in 'General' started by galaxyboss, Apr 13, 2007.

  1. galaxyboss

    galaxyboss New Member

    Hi,
    I have very wried log in my message log:
    Code:
    pr 12 00:41:11 server1 proftpd[11078]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - FTP session opened.
Apr 12 00:41:12 server1 proftpd[11078]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - no such user 'Administrator'
Apr 12 00:41:13 server1 proftpd[11079]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - FTP session opened.
Apr 12 00:41:14 server1 proftpd[11079]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - no such user 'Administrator'
Apr 12 00:41:14 server1 proftpd[11080]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - FTP session opened.
Apr 12 00:41:16 server1 proftpd[11080]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - no such user 'Administrator'
Apr 12 00:41:17 server1 proftpd[11081]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - FTP session opened.
Apr 12 00:41:17 server1 proftpd[11082]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - FTP session opened.
Apr 12 00:41:18 server1 proftpd[11081]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - no such user 'Administrator'
Apr 12 00:41:18 server1 proftpd[11082]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - no such user 'Administrator'
Apr 12 00:41:19 server1 proftpd[11085]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - FTP session opened.
Apr 12 00:41:20 server1 proftpd[11086]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - FTP session opened.
Apr 12 00:41:20 server1 proftpd[11085]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - no such user 'Administrator'
Apr 12 00:41:21 server1 proftpd[11086]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - no such user 'Administrator'
Apr 12 00:41:23 server1 proftpd[11088]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - FTP session opened.
Apr 12 00:41:23 server1 proftpd[11089]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - FTP session opened.
Apr 12 00:41:24 server1 proftpd[11088]: localhost.localdomain (::ffff:88.80.192.124[::ffff:88.80.192.124]) - no such user 'Administrator'
    this is small part form 358836line in the log file, and may IP :)ffff:***.***.***.***)

    can any one tell me what is this? is it attack on FTP server ?
    I am using proftpd, and I think my server is slow becuacse of this

    I have question also, where is the log file for postfix ?
    is it var/log/maillog?
    I need to see what is the problem with postfix also ?

    :confused: :confused:
     
    galaxyboss, Apr 13, 2007
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This looks for me as if a Windows computer is trying to access your server by FTP. I guess thats no attack, just a user tried to open a connection in explorer and windows is trying to connect again and again. I would just ignore it.

    Yes, either /var/log/maillog, /var/log/mail, /var/log/mail.log or /var/log/mail.info depending on your linux distribution.
     
    till, Apr 13, 2007
    #2

Share This Page