Is someone trying to peek in to server ???
Hello All,
Today I checked my xferlogs and I found these lines in large number in that.

Wed Jul 14 06:07:18 2004 0 x.x.x.x 45 /home/catchfil/public_html/images/doted1.gif b _ i r catchfil ftp 1 * c
Wed Jul 14 06:07:24 2004 0 x.x.x.x 871 /home/catchfil/public_html/images/text_work.gif b _ i r catchfil ftp 1 * c
Wed Jul 14 06:07:18 2004 0 x.x.x.x 45 /home/catchfil/public_html/images/doted1.gif b _ i r catchfil ftp 1 * c
Wed Jul 14 06:07:24 2004 0 x.x.x.x 871 /home/catchfil/public_html/images/text_work.gif b _ i r catchfil ftp 1 * c

What are these logs saying about the FTP of that domain? I am also giving what my messages say. Here I am giving some messages I noticed:

Jul 3 14:00:36 server named[458]: denied AXFR from [128.232.0.31].44650 for "AUTOSURFERCASH.COM" (not master/slave)
Jul 3 14:00:37 server named[458]: denied AXFR from [128.232.0.31].44655 for "AUTOSURFERCASH.COM" (not master/slave)

Others are:

Jul 9 00:24:29 server proftpd[495]: server.xxx.com - received SIGHUP -- master server rehashing configuration file

**********

After that I see:

Jul 8 06:41:12 server named[458]: reloading nameserver
Jul 8 06:41:12 server named[458]: Ready to answer queries.
Jul 8 06:41:44 server named[458]: reloading nameserver
Jul 8 06:41:44 server named[458]: Ready to answer queries.
Jul 8 06:48:20 server su: admin to root on /dev/ttyp0
Jul 8 07:05:19 server named[458]: reloading nameserver
Jul 8 07:05:19 server named[458]: Ready to answer queries.
Jul 8 07:06:05 server named[458]: reloading nameserver
Jul 8 07:06:05 server named[458]: master zone "abc.com" (IN) removed
Jul 8 07:06:05 server named[458]: Ready to answer queries.
Jul 8 07:06:05 server proftpd[495]: server.xxx.com - received SIGHUP -- master server rehashing configuration file

The anonymous FTP is already disabled. I think someone is trying to hack the server. Or what are all these messages?

Please help, thank you.
Those proftpd logs look to me like somebody uploaded some files. I believe the lowercase i you're seeing on each line stands for "in" which means it was uploaded.
I don't know anything about named.
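An added example, not part of any post in this thread: a small parser for the xferlog lines quoted above, with field meanings taken from the standard xferlog(5) layout (direction `i`/`o`/`d`, access mode `a`/`g`/`r`, completion `c`/`i`). The third sample line and the names `parse_xferlog_line` and `summarize` are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

DIRECTION = {"i": "upload", "o": "download", "d": "delete"}
ACCESS = {"a": "anonymous", "g": "guest", "r": "real user"}
STATUS = {"c": "complete", "i": "incomplete"}

# Constructed sample: two lines from the post plus one made-up download
# with a space in the filename (192.0.2.10 is a documentation address).
SAMPLE = """\
Wed Jul 14 06:07:18 2004 0 x.x.x.x 45 /home/catchfil/public_html/images/doted1.gif b _ i r catchfil ftp 1 * c
Wed Jul 14 06:07:24 2004 0 x.x.x.x 871 /home/catchfil/public_html/images/text_work.gif b _ i r catchfil ftp 1 * c
Wed Jul 14 06:09:02 2004 3 192.0.2.10 20480 /home/catchfil/public_html/old site.tar b _ o r catchfil ftp 0 * i
"""

def parse_xferlog_line(line):
    tok = line.split()
    if len(tok) < 18:
        raise ValueError("not an xferlog line: %r" % line)
    # 5 date tokens + 3 fields precede the filename, 9 fields follow it.
    # Slicing from both ends keeps filenames that contain spaces intact.
    ttype, flag, direction, access, user, service, auth, authuser, status = tok[-9:]
    return {
        "time": datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y"),
        "seconds": int(tok[5]),
        "host": tok[6],
        "bytes": int(tok[7]),
        "file": " ".join(tok[8:-9]),
        "direction": DIRECTION.get(direction, direction),
        "access": ACCESS.get(access, access),
        "user": user,
        "status": STATUS.get(status, status),
    }

def summarize(text):
    """Count transfers per (user, host, direction, access mode)."""
    counts = Counter()
    for line in text.splitlines():
        if line.strip():
            r = parse_xferlog_line(line)
            counts[(r["user"], r["host"], r["direction"], r["access"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Grouping by user, host and access mode separates transfers made with an account's own login (`r`) from anonymous ones (`a`), which is the distinction that matters when anonymous FTP is disabled.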
Jul 3 14:00:36 server named[458]: denied AXFR from [128.232.0.31].44650 for "AUTOSURFERCASH.COM" (not master/slave)
You are running a nameserver that is accepting queries from the internet. If you don't want people to query it then stop running a nameserver or don't leave it accessible from the internet. This may cause whatever domain name it is answering queries for to stop working. That IP address has the reverse DNS name dns-probe.srg.cl.cam.ac.uk. Read the website at that address for more information.