The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is someone peeking in ????Someone is trying to crack server!!!

Discussion in 'General Discussion' started by atul, Jul 14, 2004.

  1. atul

    atul Well-Known Member

    Joined:
    May 6, 2004
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Hello All,
    Today I checked my xferlogs and i found these lines in large number in that.
    Wed Jul 14 06:07:18 2004 0 x.x.x.x 45 /home/catchfil/public_html/images/doted1.gif b _ i r catchfil ftp 1 * c
    Wed Jul 14 06:07:24 2004 0 x.x.x.x 871 /home/catchfil/public_html/images/text_work.gif b _ i r catchfil ftp 1 * c
    Wed Jul 14 06:07:18 2004 0 x.x.x.x 45 /home/catchfil/public_html/images/doted1.gif b _ i r catchfil ftp 1 * c
    Wed Jul 14 06:07:24 2004 0 x.x.x.x 871 /home/catchfil/public_html/images/text_work.gif b _ i r catchfil ftp 1 * c

    what are these logs sayinf about ftp of that domain?I am also giving my messgaes say :
    here i am giving some messgaes i notices:
    Jul 3 14:00:36 server named[458]: denied AXFR from [128.232.0.31].44650 for "AUTOSURFERCASH.COM" (not master/slave)
    Jul 3 14:00:37 server named[458]: denied AXFR from [128.232.0.31].44655 for "AUTOSURFERCASH.COM" (not master/slave)


    others are
    Jul 9 00:24:29 server proftpd[495]: server.xxx.com - received SIGHUP -- master server
    rehashing configuration file
    **********
    After that I see
    Jul 8 06:41:12 server named[458]: reloading nameserver
    Jul 8 06:41:12 server named[458]: Ready to answer queries.
    Jul 8 06:41:44 server named[458]: reloading nameserver
    Jul 8 06:41:44 server named[458]: Ready to answer queries.
    Jul 8 06:48:20 server su: admin to root on /dev/ttyp0
    Jul 8 07:05:19 server named[458]: reloading nameserver
    Jul 8 07:05:19 server named[458]: Ready to answer queries.
    Jul 8 07:06:05 server named[458]: reloading nameserver
    Jul 8 07:06:05 server named[458]: master zone "abc.com" (IN) removed
    Jul 8 07:06:05 server named[458]: Ready to answer queries.
    Jul 8 07:06:05 server proftpd[495]: server.xxx.com - received SIGHUP -- master server
    rehashing configuration file

    The anonymous ftp is already disabled.I think someone is trying to hack the server.Or what are all these messages.
    Please help
    thank you.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Everything you've quoted looks perfectly normal to me. The first logi shows someone uploading some files via FTP. The second shows an unsuccessful DNS AXFR request. The third shows BIND/proftpd stopping and restarting. On their own they mean absolutely nothing unusual.
     
Loading...

Share This Page