Log Review Failed FTP Attempt
Hi, I've setup Iptables so only certain IP addresses can access our shell. It works well for the handful of us that access the shell. We also run SFTP. So the IP for anyone needing FTP must be in the IP tables as well. Today, I'm trying to configure someone remotely. I added their IP address to the IPTables and helped them configure their FTP Client. They are not able to connect. It is unclear to me if it is a client or server issue. So I am looking at the logs. I'm running CentOS 5.6 and looking in /var/log/secure . I see no entry for the failed access attempt. Is there another log I should be looking in? Thank you for your help! Keith Smith--- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Log Review Failed FTP Attempt
Hey Keith I'm afraid your language is just a bit ambiguous -- SFTP, as in FTP over SSH, or FTP, as in ProFTPd or Pure-FTPd? If it's the former, then /var/log/secure will be the right place, but it'll show up as sshd. Here's what a failed login looks like on my CentOS VPS: Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): check pass; user unknown Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= cpe-66-68-110-19.austin.res.rr.com If it's actual FTP, I believe that will be in /var/log/messages or something, depending on how it's configured. On Thu, Jan 19, 2012 at 12:29 PM, keith smith wrote: > > Hi, > > I've setup Iptables so only certain IP addresses can access our shell. It > works well for the handful of us that access the shell. > > We also run SFTP. So the IP for anyone needing FTP must be in the IP > tables as well. > > Today, I'm trying to configure someone remotely. I added their IP address > to the IPTables and helped them configure their FTP Client. They are not > able to connect. It is unclear to me if it is a client or server issue. > So I am looking at the logs. > > I'm running CentOS 5.6 and looking in /var/log/secure . I see no entry > for the failed access attempt. > > Is there another log I should be looking in? > > Thank you for your help! > > > Keith Smith > --- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Log Review Failed FTP Attempt
Also, is it cPanel by chance? Is cPHulk enabled? On Thu, Jan 19, 2012 at 1:06 PM, Andrew Harris wrote: > Hey Keith > > I'm afraid your language is just a bit ambiguous -- SFTP, as in FTP over > SSH, or FTP, as in ProFTPd or Pure-FTPd? > > If it's the former, then /var/log/secure will be the right place, but > it'll show up as sshd. Here's what a failed login looks like on my CentOS > VPS: > > Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): check pass; user > unknown > Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): authentication > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= > cpe-66-68-110-19.austin.res.rr.com > > If it's actual FTP, I believe that will be in /var/log/messages or > something, depending on how it's configured. > > On Thu, Jan 19, 2012 at 12:29 PM, keith smith wrote: > >> >> Hi, >> >> I've setup Iptables so only certain IP addresses can access our shell. >> It works well for the handful of us that access the shell. >> >> We also run SFTP. So the IP for anyone needing FTP must be in the IP >> tables as well. >> >> Today, I'm trying to configure someone remotely. I added their IP >> address to the IPTables and helped them configure their FTP Client. They >> are not able to connect. It is unclear to me if it is a client or server >> issue. So I am looking at the logs. >> >> I'm running CentOS 5.6 and looking in /var/log/secure . I see no entry >> for the failed access attempt. >> >> Is there another log I should be looking in? >> >> Thank you for your help! >> >> >> Keith Smith >> --- >> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >> > > --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Log Review Failed FTP Attempt
Ok, Sorry, it is FTP over SSH. Thanks! Keith Smith --- On Thu, 1/19/12, Andrew Harris wrote: From: Andrew Harris Subject: Re: Log Review Failed FTP Attempt To: "Main PLUG discussion list" Date: Thursday, January 19, 2012, 12:06 PM Hey Keith I'm afraid your language is just a bit ambiguous -- SFTP, as in FTP over SSH, or FTP, as in ProFTPd or Pure-FTPd? If it's the former, then /var/log/secure will be the right place, but it'll show up as sshd. Here's what a failed login looks like on my CentOS VPS: Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): check pass; user unknownJan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-66-68-110-19.austin.res.rr.com If it's actual FTP, I believe that will be in /var/log/messages or something, depending on how it's configured. On Thu, Jan 19, 2012 at 12:29 PM, keith smith wrote: Hi, I've setup Iptables so only certain IP addresses can access our shell. It works well for the handful of us that access the shell. We also run SFTP. So the IP for anyone needing FTP must be in the IP tables as well. Today, I'm trying to configure someone remotely. I added their IP address to the IPTables and helped them configure their FTP Client. They are not able to connect. It is unclear to me if it is a client or server issue. So I am looking at the logs. I'm running CentOS 5.6 and looking in /var/log/secure . I see no entry for the failed access attempt. Is there another log I should be looking in? Thank you for your help! Keith Smith --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -Inline Attachment Follows- --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Log Review Failed FTP Attempt
No Control panel only command line. Thanks! Keith Smith --- On Thu, 1/19/12, Andrew Harris wrote: From: Andrew Harris Subject: Re: Log Review Failed FTP Attempt To: "Main PLUG discussion list" Date: Thursday, January 19, 2012, 12:07 PM Also, is it cPanel by chance? Is cPHulk enabled? On Thu, Jan 19, 2012 at 1:06 PM, Andrew Harris wrote: Hey Keith I'm afraid your language is just a bit ambiguous -- SFTP, as in FTP over SSH, or FTP, as in ProFTPd or Pure-FTPd? If it's the former, then /var/log/secure will be the right place, but it'll show up as sshd. Here's what a failed login looks like on my CentOS VPS: Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): check pass; user unknownJan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-66-68-110-19.austin.res.rr.com If it's actual FTP, I believe that will be in /var/log/messages or something, depending on how it's configured. On Thu, Jan 19, 2012 at 12:29 PM, keith smith wrote: Hi, I've setup Iptables so only certain IP addresses can access our shell. It works well for the handful of us that access the shell. We also run SFTP. So the IP for anyone needing FTP must be in the IP tables as well. Today, I'm trying to configure someone remotely. I added their IP address to the IPTables and helped them configure their FTP Client. They are not able to connect. It is unclear to me if it is a client or server issue. So I am looking at the logs. I'm running CentOS 5.6 and looking in /var/log/secure . I see no entry for the failed access attempt. Is there another log I should be looking in? Thank you for your help! Keith Smith --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -Inline Attachment Follows- --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Log Review Failed FTP Attempt
Well nevermind then. Just /var/log/secure. On Thu, Jan 19, 2012 at 2:50 PM, keith smith wrote: > > No Control panel only command line. > > Thanks! > > > Keith Smith > > --- On *Thu, 1/19/12, Andrew Harris * wrote: > > > From: Andrew Harris > Subject: Re: Log Review Failed FTP Attempt > To: "Main PLUG discussion list" > Date: Thursday, January 19, 2012, 12:07 PM > > > Also, is it cPanel by chance? Is cPHulk enabled? > > On Thu, Jan 19, 2012 at 1:06 PM, Andrew Harris > http://mc/compose?to=t...@supertunaman.com> > > wrote: > > Hey Keith > > I'm afraid your language is just a bit ambiguous -- SFTP, as in FTP over > SSH, or FTP, as in ProFTPd or Pure-FTPd? > > If it's the former, then /var/log/secure will be the right place, but > it'll show up as sshd. Here's what a failed login looks like on my CentOS > VPS: > > Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): check pass; user > unknown > Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): authentication > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= > cpe-66-68-110-19.austin.res.rr.com > > If it's actual FTP, I believe that will be in /var/log/messages or > something, depending on how it's configured. > > On Thu, Jan 19, 2012 at 12:29 PM, keith smith > http://mc/compose?to=klsmith2...@yahoo.com> > > wrote: > > > Hi, > > I've setup Iptables so only certain IP addresses can access our shell. It > works well for the handful of us that access the shell. > > We also run SFTP. So the IP for anyone needing FTP must be in the IP > tables as well. > > Today, I'm trying to configure someone remotely. I added their IP address > to the IPTables and helped them configure their FTP Client. They are not > able to connect. It is unclear to me if it is a client or server issue. > So I am looking at the logs. > > I'm running CentOS 5.6 and looking in /var/log/secure . I see no entry > for the failed access attempt. > > Is there another log I should be looking in? > > Thank you for your help! > > > Keith Smith > --- > PLUG-discuss mailing list - > PLUG-discuss@lists.plug.phoenix.az.us<http://mc/compose?to=PLUG-discuss@lists.plug.phoenix.az.us> > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > -Inline Attachment Follows- > > > --- > PLUG-discuss mailing list - > PLUG-discuss@lists.plug.phoenix.az.us<http://mc/compose?to=PLUG-discuss@lists.plug.phoenix.az.us> > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Log Review Failed FTP Attempt
Ok, Thanks! Keith Smith --- On Thu, 1/19/12, Andrew Harris wrote: From: Andrew Harris Subject: Re: Log Review Failed FTP Attempt To: "Main PLUG discussion list" Date: Thursday, January 19, 2012, 1:52 PM Well nevermind then. Just /var/log/secure. On Thu, Jan 19, 2012 at 2:50 PM, keith smith wrote: No Control panel only command line. Thanks! Keith Smith --- On Thu, 1/19/12, Andrew Harris wrote: From: Andrew Harris Subject: Re: Log Review Failed FTP Attempt To: "Main PLUG discussion list" Date: Thursday, January 19, 2012, 12:07 PM Also, is it cPanel by chance? Is cPHulk enabled? On Thu, Jan 19, 2012 at 1:06 PM, Andrew Harris wrote: Hey Keith I'm afraid your language is just a bit ambiguous -- SFTP, as in FTP over SSH, or FTP, as in ProFTPd or Pure-FTPd? If it's the former, then /var/log/secure will be the right place, but it'll show up as sshd. Here's what a failed login looks like on my CentOS VPS: Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): check pass; user unknownJan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-66-68-110-19.austin.res.rr.com If it's actual FTP, I believe that will be in /var/log/messages or something, depending on how it's configured. On Thu, Jan 19, 2012 at 12:29 PM, keith smith wrote: Hi, I've setup Iptables so only certain IP addresses can access our shell. It works well for the handful of us that access the shell. We also run SFTP. So the IP for anyone needing FTP must be in the IP tables as well. Today, I'm trying to configure someone remotely. I added their IP address to the IPTables and helped them configure their FTP Client. They are not able to connect. It is unclear to me if it is a client or server issue. So I am looking at the logs. I'm running CentOS 5.6 and looking in /var/log/secure . I see no entry for the failed access attempt. Is there another log I should be looking in? Thank you for your help! Keith Smith --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -Inline Attachment Follows- --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -Inline Attachment Follows- --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
