Community Forums
Connect with us on LinkedIn
Community Notice
Is someone peeking in ????Someone is trying to crack server!!!
  
+ Reply to Thread
Results 1 to 2 of 2
  1. 07-14-2004 09:22 AM #1
    atul
    atul is offline
    Member
    Join Date
    May 2004
    Posts
    52

    Default Is someone peeking in ????Someone is trying to crack server!!!

    Hello All,
    Today I checked my xferlogs and i found these lines in large number in that.
    Wed Jul 14 06:07:18 2004 0 x.x.x.x 45 /home/catchfil/public_html/images/doted1.gif b _ i r catchfil ftp 1 * c
    Wed Jul 14 06:07:24 2004 0 x.x.x.x 871 /home/catchfil/public_html/images/text_work.gif b _ i r catchfil ftp 1 * c
    Wed Jul 14 06:07:18 2004 0 x.x.x.x 45 /home/catchfil/public_html/images/doted1.gif b _ i r catchfil ftp 1 * c
    Wed Jul 14 06:07:24 2004 0 x.x.x.x 871 /home/catchfil/public_html/images/text_work.gif b _ i r catchfil ftp 1 * c

    what are these logs sayinf about ftp of that domain?I am also giving my messgaes say :
    here i am giving some messgaes i notices:
    Jul 3 14:00:36 server named[458]: denied AXFR from [128.232.0.31].44650 for "AUTOSURFERCASH.COM" (not master/slave)
    Jul 3 14:00:37 server named[458]: denied AXFR from [128.232.0.31].44655 for "AUTOSURFERCASH.COM" (not master/slave)


    others are
    Jul 9 00:24:29 server proftpd[495]: server.xxx.com - received SIGHUP -- master server
    rehashing configuration file
    **********
    After that I see
    Jul 8 06:41:12 server named[458]: reloading nameserver
    Jul 8 06:41:12 server named[458]: Ready to answer queries.
    Jul 8 06:41:44 server named[458]: reloading nameserver
    Jul 8 06:41:44 server named[458]: Ready to answer queries.
    Jul 8 06:48:20 server su: admin to root on /dev/ttyp0
    Jul 8 07:05:19 server named[458]: reloading nameserver
    Jul 8 07:05:19 server named[458]: Ready to answer queries.
    Jul 8 07:06:05 server named[458]: reloading nameserver
    Jul 8 07:06:05 server named[458]: master zone "abc.com" (IN) removed
    Jul 8 07:06:05 server named[458]: Ready to answer queries.
    Jul 8 07:06:05 server proftpd[495]: server.xxx.com - received SIGHUP -- master server
    rehashing configuration file

    The anonymous ftp is already disabled.I think someone is trying to hack the server.Or what are all these messages.
    Please help
    thank you.
    Reply With Quote Reply With Quote
  2. 07-14-2004 11:55 AM #2
    chirpy
    chirpy is offline
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    Default

    Everything you've quoted looks perfectly normal to me. The first logi shows someone uploading some files via FTP. The second shows an unsuccessful DNS AXFR request. The third shows BIND/proftpd stopping and restarting. On their own they mean absolutely nothing unusual.
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com
    Reply With Quote Reply With Quote
«   apache 2 on cpanel? | apache 2.0? »     
Similar Threads & Tags
Similar threads

  1. HACK CRACK! important!!
    By Creazioni in forum cPanel and WHM Discussions
    Replies: 0
    Last Post: 04-14-2003, 01:15 PM
  2. crack or bug
    By ehsan in forum cPanel and WHM Discussions
    Replies: 6
    Last Post: 06-26-2002, 12:10 AM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube