Re: Runaway ProFTP?
And it's fixed now... not sure what the deal was with portsnap but it finally worked. I appreciate all the help. -- Ryan On Dec 10, 2010, at 10:59 PM, Ryan Coleman wrote: I have not been able to get portsnap to work at all today. On Dec 10, 2010, at 10:53 PM, Grant Peel wrote: - Original Message - From: Jerry Bell je...@nrdx.com To: freebsd-questions@freebsd.org Sent: Friday, December 10, 2010 4:47 PM Subject: Re: Runaway ProFTP? I have been having this happen a few times per week for the past few weeks. I believe it is caused by someone attacking proftpd. I noticed today that there is an updated version - 1.3.3c that fixes a vulnerability that they may have been trying to exploit. When I looked at the process list, I would see around 20 proftpd's, each with a high amount of CPU used, and connected to a specific IP. I'd firewall off those IPs and kill off proftpd/restart. Knock on wood, I have not had that happen since upgrading to 1.3.3c, but that may just be because no one has tried again yet. Jerry On 12/10/2010 4:39 PM, Ryan Coleman wrote: Does anyone have any ideas? On Dec 9, 2010, at 3:12 PM, Ryan Coleman wrote: Dear list, Has anyone else had experience with ProFTP 1.3.3a running away with processes? I installed it about 2 months ago with a new server build and over the course of the last three weeks I've had to forcibly kill, wait and restart the service every one-to-three days and sucking up between 20% and 80% of my system resources. I've attempted to change the logging in hopes to track down what is causing the problems but I have not been successful. Additionally it won't connect after a restart through Filezilla but using Terminal on my MBP it will connect in the CLI. It's not the end of the world (for me) but it is for my staff when they have to upload large numbers of photos. Thanks, Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Indeed, this Proftpd 1.3.3a vulnerability is exactly what my post on upgrading a single port is all about. I can say for a fact that the botnets are trying to use the vulnerability and that you are quite correct that the CPU / ZOMBIE processes are exploit related. I just upgraded today and so far so good. \FYI for anyone that is following my thread on updating one single port: I must have a somwhat busted installation. Using port upgrade failed ... sorry I did not remember to keep the output, but, I was able to download the source from proftpd.org and install it from scratch. -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Runaway ProFTP?
Grant Peel wrote: snip] \FYI for anyone that is following my thread on updating one single port: I must have a somwhat busted installation. Using port upgrade failed ... sorry I did not remember to keep the output, but, I was able to download the source from proftpd.org and install it from scratch. What I do on a fairly regular basis (usually about once a week) is the following: cd to /usr/sup - this is where I keep my supfiles and housekeeping csup -L 2 ports portsdb -uF pkgdb -u portversion This refreshes the ports tree and downloads the current matching INDEX database. Then the package database gets updated and checked and if there are no errors portversion runs to identify ports in need of update. Of course, what to do about the results is left up to the sysadmin. If I am inclined to update (usually just a portupgrade -a most of the time) I will then consult UPDATING. Preparing some kind of fallback in case of failure is a good idea for anything in production. I'm lucky enough to have an extra spare hard drive in every box to which I can do a dump immediately prior to upgrade. I also believe in test bedding stuff first. My 2 servers at home have the same services running on them as the 7 I have at work. So I run any updating on the two boxen at home first. If that is trouble free I might then do the ones at work. If not, the ones at work won't be touched. One thing I've noticed over the years is portupgrade works best when done more frequently so fewer things get upgraded at any one time. Letting a box go for 6 months and needing to update 100 things is more prone to failure. Each approach has it's pros and cons. Some shops don't want frequent updating because it is more likely to take a production system down, and that is perfectly reasonable to the point that old software doesn't have exploits. There have been a few updates to portupgrade itself lately. But there is a pretty fair chance if the command line shown above rolls all the way through with zero errors it may be taken as a good sign. Any errors at all and I would stop and find out what's wrong before moving on to actually updating anything. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Runaway ProFTP?
Does anyone have any ideas? On Dec 9, 2010, at 3:12 PM, Ryan Coleman wrote: Dear list, Has anyone else had experience with ProFTP 1.3.3a running away with processes? I installed it about 2 months ago with a new server build and over the course of the last three weeks I've had to forcibly kill, wait and restart the service every one-to-three days and sucking up between 20% and 80% of my system resources. I've attempted to change the logging in hopes to track down what is causing the problems but I have not been successful. Additionally it won't connect after a restart through Filezilla but using Terminal on my MBP it will connect in the CLI. It's not the end of the world (for me) but it is for my staff when they have to upload large numbers of photos. Thanks, Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Runaway ProFTP?
I have been having this happen a few times per week for the past few weeks. I believe it is caused by someone attacking proftpd. I noticed today that there is an updated version - 1.3.3c that fixes a vulnerability that they may have been trying to exploit. When I looked at the process list, I would see around 20 proftpd's, each with a high amount of CPU used, and connected to a specific IP. I'd firewall off those IPs and kill off proftpd/restart. Knock on wood, I have not had that happen since upgrading to 1.3.3c, but that may just be because no one has tried again yet. Jerry On 12/10/2010 4:39 PM, Ryan Coleman wrote: Does anyone have any ideas? On Dec 9, 2010, at 3:12 PM, Ryan Coleman wrote: Dear list, Has anyone else had experience with ProFTP 1.3.3a running away with processes? I installed it about 2 months ago with a new server build and over the course of the last three weeks I've had to forcibly kill, wait and restart the service every one-to-three days and sucking up between 20% and 80% of my system resources. I've attempted to change the logging in hopes to track down what is causing the problems but I have not been successful. Additionally it won't connect after a restart through Filezilla but using Terminal on my MBP it will connect in the CLI. It's not the end of the world (for me) but it is for my staff when they have to upload large numbers of photos. Thanks, Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Runaway ProFTP?
On 11/12/2010 4:47, Jerry Bell wrote: I have been having this happen a few times per week for the past few weeks. I believe it is caused by someone attacking proftpd. I noticed today that there is an updated version - 1.3.3c that fixes a vulnerability that they may have been trying to exploit. When I looked at the process list, I would see around 20 proftpd's, each with a high amount of CPU used, and connected to a specific IP. I'd firewall off those IPs and kill off proftpd/restart. Knock on wood, I have not had that happen since upgrading to 1.3.3c, but that may just be because no one has tried again yet. Jerry yeap, thats correct according to proftpd website news, I upgrade using latest port but still get attacking, I change to pure-ftpd then everything fine -- Thanks Regards, Thomas Wahyudi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Runaway ProFTP?
- Original Message - From: Jerry Bell je...@nrdx.com To: freebsd-questions@freebsd.org Sent: Friday, December 10, 2010 4:47 PM Subject: Re: Runaway ProFTP? I have been having this happen a few times per week for the past few weeks. I believe it is caused by someone attacking proftpd. I noticed today that there is an updated version - 1.3.3c that fixes a vulnerability that they may have been trying to exploit. When I looked at the process list, I would see around 20 proftpd's, each with a high amount of CPU used, and connected to a specific IP. I'd firewall off those IPs and kill off proftpd/restart. Knock on wood, I have not had that happen since upgrading to 1.3.3c, but that may just be because no one has tried again yet. Jerry On 12/10/2010 4:39 PM, Ryan Coleman wrote: Does anyone have any ideas? On Dec 9, 2010, at 3:12 PM, Ryan Coleman wrote: Dear list, Has anyone else had experience with ProFTP 1.3.3a running away with processes? I installed it about 2 months ago with a new server build and over the course of the last three weeks I've had to forcibly kill, wait and restart the service every one-to-three days and sucking up between 20% and 80% of my system resources. I've attempted to change the logging in hopes to track down what is causing the problems but I have not been successful. Additionally it won't connect after a restart through Filezilla but using Terminal on my MBP it will connect in the CLI. It's not the end of the world (for me) but it is for my staff when they have to upload large numbers of photos. Thanks, Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Indeed, this Proftpd 1.3.3a vulnerability is exactly what my post on upgrading a single port is all about. I can say for a fact that the botnets are trying to use the vulnerability and that you are quite correct that the CPU / ZOMBIE processes are exploit related. I just upgraded today and so far so good. \FYI for anyone that is following my thread on updating one single port: I must have a somwhat busted installation. Using port upgrade failed ... sorry I did not remember to keep the output, but, I was able to download the source from proftpd.org and install it from scratch. -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Runaway ProFTP?
I have not been able to get portsnap to work at all today. On Dec 10, 2010, at 10:53 PM, Grant Peel wrote: - Original Message - From: Jerry Bell je...@nrdx.com To: freebsd-questions@freebsd.org Sent: Friday, December 10, 2010 4:47 PM Subject: Re: Runaway ProFTP? I have been having this happen a few times per week for the past few weeks. I believe it is caused by someone attacking proftpd. I noticed today that there is an updated version - 1.3.3c that fixes a vulnerability that they may have been trying to exploit. When I looked at the process list, I would see around 20 proftpd's, each with a high amount of CPU used, and connected to a specific IP. I'd firewall off those IPs and kill off proftpd/restart. Knock on wood, I have not had that happen since upgrading to 1.3.3c, but that may just be because no one has tried again yet. Jerry On 12/10/2010 4:39 PM, Ryan Coleman wrote: Does anyone have any ideas? On Dec 9, 2010, at 3:12 PM, Ryan Coleman wrote: Dear list, Has anyone else had experience with ProFTP 1.3.3a running away with processes? I installed it about 2 months ago with a new server build and over the course of the last three weeks I've had to forcibly kill, wait and restart the service every one-to-three days and sucking up between 20% and 80% of my system resources. I've attempted to change the logging in hopes to track down what is causing the problems but I have not been successful. Additionally it won't connect after a restart through Filezilla but using Terminal on my MBP it will connect in the CLI. It's not the end of the world (for me) but it is for my staff when they have to upload large numbers of photos. Thanks, Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Indeed, this Proftpd 1.3.3a vulnerability is exactly what my post on upgrading a single port is all about. I can say for a fact that the botnets are trying to use the vulnerability and that you are quite correct that the CPU / ZOMBIE processes are exploit related. I just upgraded today and so far so good. \FYI for anyone that is following my thread on updating one single port: I must have a somwhat busted installation. Using port upgrade failed ... sorry I did not remember to keep the output, but, I was able to download the source from proftpd.org and install it from scratch. -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Runaway ProFTP?
Dear list, Has anyone else had experience with ProFTP 1.3.3a running away with processes? I installed it about 2 months ago with a new server build and over the course of the last three weeks I've had to forcibly kill, wait and restart the service every one-to-three days and sucking up between 20% and 80% of my system resources. I've attempted to change the logging in hopes to track down what is causing the problems but I have not been successful. Additionally it won't connect after a restart through Filezilla but using Terminal on my MBP it will connect in the CLI. It's not the end of the world (for me) but it is for my staff when they have to upload large numbers of photos. Thanks, Ryan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Proftp [SOLVED]
Thanks to those who responded. Manually creating the directory /var/run/proftpd did indeed solve the problem, and yes, the man page is incorrect as it suggests /var/run/run/proftpd. best regards, Robert On Wed, 25 Feb 2004 09:25:19 -0500 Paul Mather [EMAIL PROTECTED] wrote: The problem with the port is that it does not create the default directory in which the scoreboard file is created. The man page that is installed is also apparently incorrect. The correct default directory is /var/run/proftpd. If you create that directory, the port should run happily with the default proftpd.conf file. Alternatively, as someone else suggested, you can explicitly set the scoreboard file to be stored in a known existing directory (e.g., /var/run) via the ScoreboardFile directive in proftpd.conf. You don't need to create the scoreboard file itself. It will be created when proftpd starts up (so long as the directory in which it is supposed to reside exists). Cheers, Paul. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Proftp
I've decided to install proftpd from ports since (it is said) to be more robust than the FBSD ftpd daemon. I went to /usr/ports/ftp/proftpd. The port downloaded, compiled, and appeared to install correctly. I edited /etc/rc.conf to make sure that the /usr/local/etc/rc.d/proftpd.sh would run at boot time. I checked file proftpd.conf to make sure it was in standalone mode. However, it does not start. If I manually run the command /usr/local/libexec/proftpd start, I receive this error message: error opening scoreboard: no such file or directory According to the man page, there should be a file called /var/run/run/proftpd/proftpd.scoreboard but I see that it does not exist on my machine. I tried creating it with the touch command, but that doesn't really do anything useful. In fact, I know from running Slackware that this should be a binary file, not an empty file, so I didn't have much hope that this would solve anything. I also tried starting Proftp from /etc/inetd.conf, but that was also unsuccessful. Again, I received the same error about the missing scoreboard. At this point, I'm stumped, so I hope that somebody who has succeeded in getting Proftp working on FBSD has some advice. TIA, Robert ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Proftp
I prefer putting: ScoreboardFile /var/run/proftpd.scoreboard in /usr/local/etc/proftpd.conf, personally and touching the file did seem to solve that particular error message for me. However, this was not a particularly intuitive solution, and I'm not sure why the port is set up to require the manual step of either creating the directory for the default location of the scoreboard file or moving it. Even after this, the default rc.d script from ports doesn't seem to work for me. Instead of figuring it out, i just ran proftpd the manual way you did from the command line with: /usr/local/libexec/proftpd and that started the daemon. I haven't done it yet, but probably rewriting the init script more simply so that it does only what worked for me at the command line would solve that problem. I've decided to install proftpd from ports since (it is said) to be more robust than the FBSD ftpd daemon. I went to /usr/ports/ftp/proftpd. The port downloaded, compiled, and appeared to install correctly. I edited /etc/rc.conf to make sure that the /usr/local/etc/rc.d/proftpd.sh would run at boot time. I checked file proftpd.conf to make sure it was in standalone mode. However, it does not start. If I manually run the command /usr/local/libexec/proftpd start, I receive this error message: error opening scoreboard: no such file or directory According to the man page, there should be a file called /var/run/run/proftpd/proftpd.scoreboard but I see that it does not exist on my machine. I tried creating it with the touch command, but that doesn't really do anything useful. In fact, I know from running Slackware that this should be a binary file, not an empty file, so I didn't have much hope that this would solve anything. I also tried starting Proftp from /etc/inetd.conf, but that was also unsuccessful. Again, I received the same error about the missing scoreboard. At this point, I'm stumped, so I hope that somebody who has succeeded in getting Proftp working on FBSD has some advice. TIA, Robert ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Proftp
On Wed, Feb 25, 2004 at 11:02:41AM +0800, Robert Storey wrote: I've decided to install proftpd from ports since (it is said) to be more robust than the FBSD ftpd daemon. Said by who? Note that proftpd has had a number of security vulnerabilities in the last few years, so there's more to consider than just robustness. Anyway, since you're having problems setting it up, you should give serious thought to the FreeBSD ftpd unless you require a feature it does not have. Kris pgp0.pgp Description: PGP signature