jahall
10-09-2000, 09:28 AM
On Friday morning when I came to work, I found the following on my Linux server's screen 213.46.104.70. There was no other description and pressing control-C put me back to the login prompt.
This mmorning when I came to work, I had the following on my screen 202.212.22.16. Again pressing control-C put me back to the login prompt.
Looking at /var/log/messages, I find the following entries that look suspicious.
Oct 2 00:58:02 monea2 ftpd[3929]: ANONYMOUS FTP LOGIN FROM rd244.isis.de [195.198.124.244]
Oct 2 00:58:07 monea2 ftpd[3929]: FTP session closed
Oct 3 19:09:56 monea2 ftpd[10882]: ANONYMOUS FTP LOGIN FROM 202.212.22.10 [202.212.22.10]
The second login session lasts for 9 minutes, but I cannot find any information on what was uploaded, downloaded, etc.
I was able to get the times from the xferlog file.
Any suggestions what I should be looking for? Anonymous FTP access has now been disbaled.
Thanks in advance for your assistance.
Jay
This mmorning when I came to work, I had the following on my screen 202.212.22.16. Again pressing control-C put me back to the login prompt.
Looking at /var/log/messages, I find the following entries that look suspicious.
Oct 2 00:58:02 monea2 ftpd[3929]: ANONYMOUS FTP LOGIN FROM rd244.isis.de [195.198.124.244]
Oct 2 00:58:07 monea2 ftpd[3929]: FTP session closed
Oct 3 19:09:56 monea2 ftpd[10882]: ANONYMOUS FTP LOGIN FROM 202.212.22.10 [202.212.22.10]
The second login session lasts for 9 minutes, but I cannot find any information on what was uploaded, downloaded, etc.
I was able to get the times from the xferlog file.
Any suggestions what I should be looking for? Anonymous FTP access has now been disbaled.
Thanks in advance for your assistance.
Jay