Kind of a serious issue here.

I am running vsftpd on FD6. Its a small private server, and I use it for school for transfering documents when needed.

I use the server monitor gkrellm and have noticed that late at night someone logs on, and I see eth1 activity which leads me to believe they are downloading. Sometimes I think he logs on twice concurrently from the same location. This really bothers me, as I keep track of everybody who knows about the server.

I tracerouted the IP address of the person and they are in China (I am in Philadelphia)

BUT! When I go into the vsftpd.log there are no entries...and I know of no other logs.

I only have one user authorized to log on, and I changed his password many times...still this user has longged on.

I am a bit of a novice, and I really would appreciate some help on what to do here. Thank you very much.

Is anonymous logins disabled? ethernet activity doesn't necessarily mean someone is logging on thru FTP or the like.. what do your logs tell you?

My logs do not record any of the unauthorized connections...only my own.

What would really be great is if I could see a log of all attempted logon attempts...something other than vsftpd.log

Check /var/log/messages but what I think your seeing is not specific to FTP login attempts.

In any case, there are script kiddies that will hit any publicly accessible computer to attempt to login. I literally get thousands of hits or attempts on ssh on port 22 on my servers.

I am glad you mentioned that. Since turning off my FTP service I am now getting hits on my SSH. So am I to gather that attempts on these things are common place, and that I shouldnt get all bent outta shape?

Here are a few lines from my messages file...I have no idea what Im looking at...care to explain?

Mar 23 10:27:09 Sandy kernel: 4gb seg fixup, process beagled (pid 3159), cs:ip 73:0811853f
Mar 23 10:27:09 Sandy kernel: 4gb seg fixup, process beagled (pid 3159), cs:ip 73:0083d8f9


Oh and yes Anon ftp is off


He he...your page is the best buy the way