Is "shadowserver.org" dangerous? (they logged into my server FTP?)

000

Well-Known Member
Jun 3, 2008
533
29
78
Hello,
this means 184.105.247.196 (scan-15.shadowserver.org) logged into my server:
Code:
[[email protected] ~]# journalctl --no-pager | grep 184.105.247.196
Jun 20 12:42:14 pepsi pure-ftpd[12804]: ([email protected]) [INFO] New connection from 184.105.247.196
Jun 20 12:42:15 pepsi pure-ftpd[12804]: ([email protected]) [INFO] TLS: Enabled TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
Jun 20 12:42:16 pepsi pure-ftpd[12804]: ([email protected]) [INFO] Logout.
[[email protected] ~]#
???

If yes, how do I fix my IPTABLES rules?
If no, then what do the previous records mean?
 

quietFinn

Well-Known Member
Feb 4, 2006
1,848
430
438
Finland
cPanel Access Level
Root Administrator
They connected to your server using FTP protocol, but they did not even try to log in.

I suggest you install CSF:
 

quietFinn

> Thanks, master @quietFinn, and they are ... dangerous? Why are they snooping on our network?
What happened there is called "port scanning": they are checking which ports are open. That in itself is not dangerous, but it is dangerous if they are able to log in.
If you don't need FTP, disable it and close port 21; otherwise make sure you disable anonymous & root logins in the FTP settings, and make sure every user on your server has a strong password.
 

000

Oh, quite the opposite: I couldn't get the FTP to work.

I have cPanel + CSF + CentOS 8 + PureFTP

I did this:

1// https://download.configserver.com/csf/readme.txt (#13)
2// How to Enable FTP Passive Mode - cPanel Knowledge Base - cPanel Documentation

and restarted everything, but the FTP answer is:
Code:
Timeout detected. (data connection)
Could not retrieve directory listing
Error listing directory '/public_html'.
Any ideas, please?
 

quietFinn

In /etc/pure-ftpd.conf there is the line:
PassivePortRange 49152 65534
Did you open ports 49152-65534?

Also are you using FileZilla?
 

000

Thanks,

In /etc/csf/csf.conf this is my TCP_IN line:

Code:
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,8443,30000:35000"
and just below it I added the line:

Code:
PassivePortRange    30000 35000
I also created the file /var/cpanel/conf/pureftpd/local with:
Code:
ForcePassiveIP: My.IP

PassivePortRange: 49152 65534




 

quietFinn

You opened ports 30000-35000, but PassivePortRange is 49152 65534; that is not going to work. They must be the same.
 

000

> ...Also are you using FileZilla?
Ah! Thanks for opening my eyes. With your help I changed the file /var/cpanel/conf/pureftpd/local to:
Code:
ForcePassiveIP: My.IP

PassivePortRange: 30000 35000
and now ALL connect fine:

  1. FileZilla-3.54.1
  2. WinSCP-5.19-Portable
  3. NicoFtp3

Many thanks, master @quietFinn, now I can sleep...


:) o_O ;)

In my city it is 03:00.

What time is it on your side?
 
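
The mismatch quietFinn points out (the ports opened in TCP_IN and pure-ftpd's PassivePortRange must be the same), as an added example that is not part of the original thread: it parses the thread's TCP_IN line and both versions of /var/cpanel/conf/pureftpd/local and reports the passive ports the firewall does not open. The function names are hypothetical, and the configuration strings are constructed samples built from the values posted above.

```python
import re

# Constructed sample input: the thread's TCP_IN line and both versions of
# /var/cpanel/conf/pureftpd/local (before and after the fix).
CSF_CONF = ('TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,'
            '2079,2080,2082,2083,2086,2087,2095,2096,8443,30000:35000"\n')
LOCAL_BEFORE = "ForcePassiveIP: My.IP\n\nPassivePortRange: 49152 65534\n"
LOCAL_AFTER = "ForcePassiveIP: My.IP\n\nPassivePortRange: 30000 35000\n"

def parse_tcp_in(csf_conf):
    """Return CSF's inbound TCP ports as (low, high) pairs; ranges are low:high."""
    m = re.search(r'^\s*TCP_IN\s*=\s*"([^"]*)"', csf_conf, re.MULTILINE)
    if not m:
        raise ValueError("no TCP_IN line found")
    pairs = []
    for item in filter(None, (p.strip() for p in m.group(1).split(","))):
        low, _, high = item.partition(":")
        pairs.append((int(low), int(high or low)))
    return pairs

def parse_passive_range(ftp_conf):
    """Accept 'PassivePortRange 30000 35000' and the 'PassivePortRange: ...' form."""
    m = re.search(r"^\s*PassivePortRange:?\s+(\d+)\s+(\d+)\s*$", ftp_conf, re.MULTILINE)
    if not m:
        raise ValueError("no PassivePortRange line found")
    return int(m.group(1)), int(m.group(2))

def blocked_passive_ports(csf_conf, ftp_conf):
    """Return sub-ranges of the passive range that TCP_IN does not open."""
    first, last = parse_passive_range(ftp_conf)
    gaps, cursor = [], first
    for low, high in sorted(parse_tcp_in(csf_conf)):
        if high < cursor or low > last:
            continue                      # entry lies outside the passive range
        if low > cursor:
            gaps.append((cursor, low - 1))
        cursor = max(cursor, high + 1)
    if cursor <= last:
        gaps.append((cursor, last))
    return gaps

if __name__ == "__main__":
    for label, conf in (("before", LOCAL_BEFORE), ("after", LOCAL_AFTER)):
        gaps = blocked_passive_ports(CSF_CONF, conf)
        print(label, "OK" if not gaps else f"blocked passive ports: {gaps}")
```

On a real server the two strings would be read from /etc/csf/csf.conf and from the pure-ftpd configuration file in use; a non-empty result means passive data connections can land on a closed port, which matches the "Timeout detected. (data connection)" symptom in the thread.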