The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

127.0.0.1 cpanel_service keeps connecting to pure-ftpd

Discussion in 'Security' started by Drake, Feb 21, 2010.

  1. Drake

    Drake Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Hi All,

    We've been watching log files like a hawk, because we just got rid of a Dark Mail cgi issue that was caused by a customer's office PC being infected, probably with a keylogger trojan.

    Not seeing any more of the numerous customer user-name login, upload, delete, logout stuff anymore.


    But, I'm seeing localhost connecting to and disconnecting from pure-ftpd every few minutes or so.

    Can any CPanel Guru tell me what I'm seeing here?? I'd like to know if this is a security issue or not or from chkservd service monitor.

    Here's a sample [INFO] from /var/log/messages:

    Feb 21 06:13:59 server05 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1

    Feb 21 06:14:10 server05 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__597SyxVkJFdyV3dd2OK822c5mMLRsV3CCpJ_4q0
    wsdozSkyaDDIHm5bhcwZKEhKt is now logged in

    Feb 21 06:14:11 server05 pure-ftpd: (__cpanel__service__auth__ftpd__597SyxVkJFdyV3dd2OK822c5mMLRsV3CCpJ_4q0wsdozSkyaDDIHm5bhcwZ
    KEhKt@127.0.0.1) [INFO] Logout.


    Thanks much,
    ~Drake
     
    #1 Drake, Feb 21, 2010
    Last edited: Feb 21, 2010
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:

Share This Page