LinuxQuestions.org
Old 07-14-2004, 08:23 AM   #1
apache
Member
 
Registered: Jun 2004
Posts: 37

Rep: Reputation: 15
Is someone trying to peek in to server ???


Hello All,
Today I checked my xferlogs and I found these lines in large numbers in them.
Wed Jul 14 06:07:18 2004 0 x.x.x.x 45 /home/catchfil/public_html/images/doted1.gif b _ i r catchfil ftp 1 * c
Wed Jul 14 06:07:24 2004 0 x.x.x.x 871 /home/catchfil/public_html/images/text_work.gif b _ i r catchfil ftp 1 * c
Wed Jul 14 06:07:18 2004 0 x.x.x.x 45 /home/catchfil/public_html/images/doted1.gif b _ i r catchfil ftp 1 * c
Wed Jul 14 06:07:24 2004 0 x.x.x.x 871 /home/catchfil/public_html/images/text_work.gif b _ i r catchfil ftp 1 * c

What are these logs saying about the FTP of that domain? I am also giving what my messages say:
Here I am giving some messages I noticed:
Jul 3 14:00:36 server named[458]: denied AXFR from [128.232.0.31].44650 for "AUTOSURFERCASH.COM" (not master/slave)
Jul 3 14:00:37 server named[458]: denied AXFR from [128.232.0.31].44655 for "AUTOSURFERCASH.COM" (not master/slave)


Others are:
Jul 9 00:24:29 server proftpd[495]: server.xxx.com - received SIGHUP -- master server
rehashing configuration file
**********
After that I see
Jul 8 06:41:12 server named[458]: reloading nameserver
Jul 8 06:41:12 server named[458]: Ready to answer queries.
Jul 8 06:41:44 server named[458]: reloading nameserver
Jul 8 06:41:44 server named[458]: Ready to answer queries.
Jul 8 06:48:20 server su: admin to root on /dev/ttyp0
Jul 8 07:05:19 server named[458]: reloading nameserver
Jul 8 07:05:19 server named[458]: Ready to answer queries.
Jul 8 07:06:05 server named[458]: reloading nameserver
Jul 8 07:06:05 server named[458]: master zone "abc.com" (IN) removed
Jul 8 07:06:05 server named[458]: Ready to answer queries.
Jul 8 07:06:05 server proftpd[495]: server.xxx.com - received SIGHUP -- master server
rehashing configuration file

The anonymous FTP is already disabled. I think someone is trying to hack the server. Or what are all these messages?
Please help.
Thank you.
 
Old 07-14-2004, 08:57 AM   #2
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
Those proftpd logs look to me like somebody uploaded some files. I believe the lowercase i you're seeing on each line stands for "in" which means it was uploaded.

I don't know anything about named.
 
Old 07-16-2004, 04:44 AM   #3
zaphodiv
Member
 
Registered: Oct 2003
Distribution: Slackware
Posts: 388

Rep: Reputation: 30
Jul 3 14:00:36 server named[458]: denied AXFR from [128.232.0.31].44650 for "AUTOSURFERCASH.COM" (not master/slave)

You are running a nameserver that is accepting queries from the internet. If you don't want people to query it then stop running a nameserver or don't leave it accessible from the internet. This may cause whatever domain name it is answering queries for to stop working.

That IP address has the reverse DNS name dns-probe.srg.cl.cam.ac.uk. Read the website at that address for more information.
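
The xferlog lines from the first post, decoded field by field, as an added example that is not part of the original thread. The field order follows the standard xferlog layout; the function names and the third sample line (an anonymous download with a space in its filename) are constructed for illustration.

```python
from collections import Counter

# Single-letter codes used in the direction, access-mode and status fields.
DIRECTION = {"i": "incoming (upload)", "o": "outgoing (download)", "d": "deleted"}
ACCESS = {"r": "real user", "a": "anonymous", "g": "guest"}
STATUS = {"c": "complete", "i": "incomplete"}

# Constructed sample: the two distinct lines from the first post (host masked
# as it is there) plus one made-up anonymous download.
SAMPLE = """\
Wed Jul 14 06:07:18 2004 0 x.x.x.x 45 /home/catchfil/public_html/images/doted1.gif b _ i r catchfil ftp 1 * c
Wed Jul 14 06:07:24 2004 0 x.x.x.x 871 /home/catchfil/public_html/images/text_work.gif b _ i r catchfil ftp 1 * c
Wed Jul 14 06:09:02 2004 1 192.0.2.7 1024 /pub/read me.txt a _ o a guest@example.org ftp 0 * c
"""

def parse_xferlog(line):
    """First 8 tokens and last 9 are fixed; the filename is whatever lies between."""
    tok = line.split()
    if len(tok) < 18:
        raise ValueError("not an xferlog line: %r" % line)
    head, name, tail = tok[:8], " ".join(tok[8:-9]), tok[-9:]
    return {
        "when": " ".join(head[:5]),
        "seconds": int(head[5]),       # transfer time
        "host": head[6],               # remote host
        "bytes": int(head[7]),
        "file": name,
        "binary": tail[0] == "b",      # transfer type: a = ascii, b = binary
        "direction": DIRECTION.get(tail[2], tail[2]),
        "access": ACCESS.get(tail[3], tail[3]),
        "user": tail[4],               # login name (password string if anonymous)
        "service": tail[5],
        "status": STATUS.get(tail[8], tail[8]),
    }

def uploads_by_account(text):
    """Count completed uploads per (user, access mode, remote host)."""
    counts = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_xferlog(line)
        if rec["direction"].startswith("incoming") and rec["status"] == "complete":
            counts[(rec["user"], rec["access"], rec["host"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in uploads_by_account(SAMPLE).items():
        print(n, *key)
```

On the lines from the first post this reports completed uploads by the real (non-anonymous) account catchfil, so the remote host and the time of each transfer are the fields to compare against that account's expected FTP activity.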
 
  

