Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Arjay on November 16, 2003, 02:05:32 AM
-
hi,
im just wondering if any new news about the update on the proftpd exploit? im almost everyday, i got these on my logs:
Nov 15 11:26:00 smeserver proftpd[17145]: my-domain.ph (211.250.201.254[211.250.201.254]) - FTP session opened.
Nov 16 03:32:03 smeserver proftpd[18976]: my-domain.ph (218.77.253.218[218.77.253.218]) - FTP session opened.
i dont have any other users to use ftp other than myself especially when im away from the server... so does this "FTP session opened." post a threat to my network's security? or someone just tried to access my ftp but then he failed?
i need suggestions or inputs.
-
Login to a shell prompt and type "last". Any conections you see as "public" are connections that were established as an anyonomous user, you'll also see conenctions made by valid user accounts (if they use ftp).