Author Topic: vsftpd security breach?  (Read 209 times)

Offline na71v3

  • Member
  • **
  • Posts: 5
vsftpd security breach?
« on: January 09, 2017, 02:03:30 PM »
Hi I have a question. I was looking at my system logs and noticed a weird string of logins.

Jan 8 23:50:06 Tower vsftpd[2219]: connect from 213.230.72.57 (213.230.72.57)

There are a few more from random IP's from all over. Does this mean someone was able to log in or just attempted to log in? Please any advice would be great. Thank you.

Online Squid

  • Community Developer
  • Hero Member
  • *****
  • Posts: 8082
  • Don Juan Prawn
Re: vsftpd security breach?
« Reply #1 on: January 09, 2017, 02:18:28 PM »
Whether it was successful or not, the mere fact that someone attempted to login to your server from Uzbekistan isn't a good thing.

If you need to access your server via the internet, use a VPN.  If you need to use a FTP server, then use something like ProFTPd instead of the built-in.

Close the ports you've opened up in the router to your server and/or take it out of the DMZ


Offline na71v3

  • Member
  • **
  • Posts: 5
Re: vsftpd security breach?
« Reply #2 on: January 09, 2017, 02:32:42 PM »
I have closed the port and just disabled FTP in general. I just want to know if anything was accessed. How would I be able to tell?

Online Squid

  • Community Developer
  • Hero Member
  • *****
  • Posts: 8082
  • Don Juan Prawn
Re: vsftpd security breach?
« Reply #3 on: January 09, 2017, 02:35:58 PM »
It looks like you would have had to enable the logs in vsftpd.conf

http://www.linuxquestions.org/questions/linux-software-2/vsftpd-logs-185735/