Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
We have been running a vsftpd daemon on our
server for several years without problems.
In the last few days the vsftpd has started firing
up mulitple sub-processes. This results in large
amounts of traffic on our network. No configuration
changes have been made to the server in many months.
1) Is this a DOS or a problem with vsftpd
2) Can I prevent this from recurring?
Env:
Redhat Linux Release 9
2.4.20-30.9
Yes. Its way old! Nothing I can do about that.
Can you see from the logs what those processes are doing? Tie them to connection recs in /var/log/messages? Try getting the firewall to log connections to that port (21). That should show you if you're getting hammered by script kiddies/botnets.
Just to point out that anything that old is ripe for exploits ie hasn't had a security update in years ... maybe this will turn out to be the requirement you can take to the boss to justify running a current system.
Thanks for the replies.
Well. The server is a public Anonymous ftp server.
It is common for it to get requests from IPs all
over the world. To answer suhas!'s question:
yes some of the IPs generate way too many connections
>10 in some cases. Is there a vsftpd.config entry
to limit the number of concurrent connections from
one IP?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
