The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Access through FTP user??

Discussion in 'General Discussion' started by gvard, Feb 13, 2005.

  1. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
    Hello,

    I had a site recently hacked within one of my servers. I typed the "last -a" command to see if he logged in via FTP/SSH and he did. The thing that surprises me is that I see and user "ftp" logged in through the same IP!!!

    What is going on here? The output I receive is:

    root@server [~]# last -a |grep ftp |more

    (snip-snip-snip)
    user* ftpd25955 Mon Feb 14 00:44 - 00:53 (00:08) 83.103.255.183
    ftp ftpd25627 Mon Feb 14 00:44 - 00:49 (00:05) 83.103.255.183
    (snip-snip-snip)

    *user = username of my user


    Any suggestions on what this problem is? I can't understand how he can login with a system user (ftp).


    Sincerely,

    George Vardikos
     
  2. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
    Anyone please? :(
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Make sure that you have Anonymous FTP disabled in WHM - it uses the ftp account to allow logins and should always be disabled unless you have a specific need for it.
     
  4. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
    Hello,

    Thank you for your reply. Anonymous FTP is disabled serverwide, so it's not that. It was my first thought.


    Thank you very much for your time though.
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That's good. Which FTP daemon are you using? Also, have you check the configuration file to make sure that Anonymous FTP hasn't been left enabled despite the setting in WHM (I've seen that happen)?
     
Loading...

Share This Page