This I find again and again in syslog: Code: Oct 11 06:30:01 server-x proftpd[27051]: localhost (localhost[127.0.0.1]) - FTP session opened. Oct 11 06:30:01 server-x proftpd[27051]: localhost (localhost[127.0.0.1]) - FTP session closed. Oct 11 06:30:03 server-x proftpd[27055]: localhost - Fatal: unable to open incoming connection: Transport endpoint is not connected But proftp seem to work well. It seems that this: ist responsible for those entries because the entries appear every half an houre and exactly at strike the hour and 30 minutes pass to strike the hour. At that time the check_services.php ist startet by cron. What are that message mean? I don't want to comment out the responsible lines, I don't understand why it comes.
ServerName "Debian" ServerType standalone DeferWelcome off DefaultRoot "~/web" IdentLookups off ServerIdent on "FTP Server ready." MultilineRFC2228 on DefaultServer on ShowSymlinks on TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayFirstChdir .message ListOptions "-l" DenyFilter \*.*/ Port 21 MaxInstances 30 User nobody Group nogroup Umask 022 022 AllowOverwrite on Include /etc/proftpd_ispconfig.conf Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:mysql *:* LISTEN 1206/mysqld tcp 0 0 *:81 *:* LISTEN 1485/ispconfig_http tcp 0 0 *:ftp *:* LISTEN 1502/proftpd: (acce tcp 0 0 server-x.d:domain *:* LISTEN 7263/named tcp 0 0 localhost:domain *:* LISTEN 7263/named tcp 0 0 *:smtp *:* LISTEN 1621/master tcp 0 0 localhost:953 *:* LISTEN 7263/named tcp6 0 0 *:imaps *:* LISTEN 1090/couriertcpd tcp6 0 0 *op3s *:* LISTEN 1111/couriertcpd tcp6 0 0 *op3 *:* LISTEN 1099/couriertcpd tcp6 0 0 *:imap2 *:* LISTEN 1078/couriertcpd tcp6 0 0 *:www *:* LISTEN 19512/apache2 tcp6 0 0 *:ssh *:* LISTEN 1365/sshd tcp6 0 0 *:smtp *:* LISTEN 1621/master tcp6 0 0 ::1:953 *:* LISTEN 7263/named tcp6 0 0 *:https *:* LISTEN 19512/apache2 tcp6 0 52 ::ffff:10.0.1.1:ssh dslb-088-013-101-:11832 VERBUNDEN 21802/0
Can you try this in /etc/proftpd.conf? It's taken from one of my Debian servers: Code: # This is a basic ProFTPD configuration file (rename it to # 'proftpd.conf' for actual use. It establishes a single server # and a single anonymous login. It assumes that you have a user/group # "nobody" and "ftp" for normal operation and anon. ServerName "Debian" ServerType standalone DeferWelcome off ShowSymlinks on MultilineRFC2228 on DefaultServer on ShowSymlinks on AllowOverwrite on TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayFirstChdir .message LsDefaultOptions "-l" DenyFilter \*.*/ # Uncomment this if you are using NIS or LDAP to retrieve passwords: #PersistentPasswd off # Port 21 is the standard FTP port. Port 21 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 30 # Set the user and group that the server normally runs at. User nobody Group nogroup DefaultRoot ~ IdentLookups off ServerIdent on "FTP Server ready." # Normally, we want files to be overwriteable. <Directory /*> # Umask 022 is a good standard umask to prevent new files and dirs # (second parm) from being group and world writable. Umask 022 022 AllowOverwrite on </Directory> Include /etc/proftpd_ispconfig.conf
No, but there is a spript which is using nmap and tries to find open ports... So I found the fault. Thanks for your help and realy sorry for my bad diagnostic.