Topic: (SOLVED) Visitor from China!!!

[MAuVE]

I got a couple of e-mails from my SME server with the following content:

"There are 1 opened FTP sessions on the server, you had set the alert limit to 1 sessions.
(Advice : check that it is authorized users only.)"

/var/log/ftp/current log shows the following activity iterated for more then half an hour.

2010-02-15 07:59:12.646163500 tcpsvd: info: pid 14549 from 116.252.38.78
2010-02-15 07:59:12.646165500 tcpsvd: info: concurrency 14549 116.252.38.78 1/4
2010-02-15 07:59:12.646167500 tcpsvd: info: start 14549 0:192.168.10.1 ::116.252.38.78:14708 ./peers/0
2010-02-15 07:59:14.712595500 tcpsvd: info: end 14549 exit 0
2010-02-15 07:59:14.712598500 tcpsvd: info: status 0/40
2010-02-15 07:59:15.397714500 tcpsvd: info: status 1/40

My questions are:

What was the person from 116.252.38.78 (China?) trying to do?

Did he finally get access to the content of my ftp? How can I check that?

Thanks

[Stefano]

What was the person from 116.252.38.78 (China?) trying to do?

maybe searching a ftp server/account to store files

Did he finally get access to the content of my ftp? How can I check that?

if you have no easy password I think he didn't

[MAuVE]

Thanks Stefano,

The answer to my second question was found in the var/log/securityxxxxxxxxx log.

Each time my uninvited visitor got:

[116.252.38.78]) - Maximum login attempts (3) exceeded, connection refused