Hi, I got a call from my ISP saying my server is attempting to connect to other computers on their network. They wouldn't give me any information on what computers my server was attempting to connect to, but I got an email from one of the people whos computer was getting attempted connections to from my computer. In the email he included this from a log file:
May 20 15:43:10 home in.ftpd[32466]: connect from 68.13.119.156 (68.13.119.156) May 20 15:49:28 home in.ftpd[32497]: connect from 68.13.119.156 (68.13.119.156) The only one who has access to FTP into my server is me. No one else has an account. I checked the log files around that time and found this: May 20 15:07:53 falcov ftpd[24837]: FTP session closed May 20 15:08:26 falcov ftpd[24840]: FTP LOGIN REFUSED (ftp in /etc/ftpusers) FROM ip68-7-46-40.sd.sd.cox.net [68.7.46.40], anonymous May 20 15:08:40 falcov ftpd[24840]: FTP session closed May 20 15:12:19 falcov ftpd[24859]: FTP LOGIN REFUSED (ftp in /etc/ftpusers) FROM ip68-7-11-17.sd.sd.cox.net [68.7.11.17], anonymous May 20 15:12:20 falcov ftpd[24859]: FTP session closed May 20 15:12:22 falcov ftpd[24860]: FTP LOGIN REFUSED (ftp in /etc/ftpusers) FROM ip68-7-11-17.sd.sd.cox.net [68.7.11.17], anonymous May 20 15:12:22 falcov ftpd[24860]: FTP session closed May 20 15:34:38 falcov login(pam_unix)[26830]: bad username [] May 20 15:34:38 falcov login[26830]: FAILED LOGIN 1 FROM dsl237-245.dsl.up.net FOR , Authentication failure May 20 15:34:38 falcov login(pam_unix)[26830]: bad username [] May 20 15:34:38 falcov login[26830]: FAILED LOGIN 2 FROM dsl237-245.dsl.up.net FOR , Authentication failure May 20 15:34:39 falcov login(pam_unix)[26830]: bad username [] May 20 15:34:39 falcov login[26830]: FAILED LOGIN 3 FROM dsl237-245.dsl.up.net FOR , Authentication failure May 20 15:34:39 falcov login(pam_unix)[26830]: bad username [] May 20 15:34:39 falcov login[26830]: FAILED LOGIN SESSION FROM dsl237-245.dsl.up.net FOR , Authentication failure May 20 16:01:00 falcov su(pam_unix)[27794]: session opened for user news by (uid=0) There is nothing in the log for May 20 15:49:28... As I look through the log file, there are a lot of different FTP sessions opened by something called ftpd. I did a search on yahoo.com and redhat.com for in.ftpd and each search that came up involved WU-FTP. I do have WU-FTP running. Is there a setting in WU-FTP to attempt to connect to various computers on the network or something? Is so is there a way I can stop it form doing it? I have no idea why my computer is trying to FTP out onto other computers I don't even know. Anyone have an idea on whats going on...? Any help would be appreciated. Thanks, zimm _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
