127.0.0.1 cpanel_service keeps connecting to pure-ftpd

[Drake]

Hi All,

We've been watching log files like a hawk, because we just got rid of a Dark Mail cgi issue that was caused by a customer's office PC being infected, probably with a keylogger trojan.

Not seeing any more of the numerous customer user-name login, upload, delete, logout stuff anymore.


But, I'm seeing localhost connecting to and disconnecting from pure-ftpd every few minutes or so.

Can any CPanel Guru tell me what I'm seeing here?? I'd like to know if this is a security issue or not or from chkservd service monitor.

Here's a sample [INFO] from /var/log/messages:

Feb 21 06:13:59 server05 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1

Feb 21 06:14:10 server05 pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__597SyxVkJFdyV3dd2OK822c5mMLRsV3CCpJ_4q0
wsdozSkyaDDIHm5bhcwZKEhKt is now logged in

Feb 21 06:14:11 server05 pure-ftpd: (__cpanel__service__auth__ftpd__597SyxVkJFdyV3dd2OK822c5mMLRsV3CCpJ_4q0wsdozSkyaDDIHm5bhcwZ
[email protected]) [INFO] Logout.


Thanks much,
~Drake

 

[Infopro]

Nothing to worry about.


http://forums.cpanel.net/f5/constant-pure-ftpd-new-connection-127-0-0-1-messages-73506.html
http://forums.cpanel.net/f5/pure-ft..._service__auth__ftpd__-now-logged-131141.html
http://forums.cpanel.net/f5/pure-ftpd-127-0-0-1-info-__cpanel__service__auth__ftpd-103069.html

HTH.