LinuxQuestions.org
Old 06-19-2006, 07:34 PM   #1
pdeman2
Member
 
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413

Rep: Reputation: 30
Weirdness with ProFTPd and Logwatch: hacked?


This morning, I read my logwatch message for my server, and there were some interesting entries under the ProFTPd section. I looked at it a while, but I can't really figure out the whole thing.

Here are the entries:
Code:
----------- proftpd-messages Begin -------------- 

 
 **Unmatched Entries**
 <My Hostname> - received SIGHUP -- master server rehashing
configuration file 
 IPv6 getaddrinfo '<My Domain>' error: Name or service not known 
 <My Hostname> - error setting IPV6_V6ONLY: Protocol not available
 <My Hostname> - received SIGHUP -- master server rehashing
configuration file 
 IPv6 getaddrinfo '<My Domain>' error: Name or service not known 
 <My Hostname> - error setting IPV6_V6ONLY: Protocol not available
 <My Domain> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 <My Hostname> (::ffff:210.240.212.199[::ffff:210.240.212.199])
- error setting SO_OOBINLINE: Socket operation on non-socket 
 
 ------------ proftpd-messages End ---------------
After I saw these messages, I tried to connect to my FTP server and got an error 500. I shut down my FTP server, because I don't need it for anything, but still, I'm curious about this.
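Added example, not part of the original post or of Logwatch/ProFTPd: one way to triage an "Unmatched Entries" block like the one above by rejoining the wrapped lines, collapsing IPv4-mapped IPv6 addresses (`::ffff:a.b.c.d`) to plain IPv4, and counting each message per client. The sample text, host names, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the shape of the excerpt above (wrapped lines included).
# Host names and addresses are documentation values, not the ones from the post.
SAMPLE = """\
 ftp.example.org - received SIGHUP -- master server rehashing
configuration file
 IPv6 getaddrinfo 'example.org' error: Name or service not known
 ftp.example.org - error setting IPV6_V6ONLY: Protocol not available
 ftp.example.org (::ffff:192.0.2.10[::ffff:192.0.2.10])
- error setting SO_OOBINLINE: Socket operation on non-socket
 ftp.example.org (::ffff:192.0.2.10[::ffff:192.0.2.10])
- error setting SO_OOBINLINE: Socket operation on non-socket
 ftp.example.org (2001:db8::5[2001:db8::5])
- error setting SO_OOBINLINE: Socket operation on non-socket
"""

# ProFTPd logs the client as "(name[address])"
CLIENT = re.compile(r"\([^\[\]()]+\[(?P<addr>[0-9A-Fa-f:.]+)\]\)")

def unwrap(text):
    """Rejoin wrapped entries: in the excerpt a new entry starts with a
    space and a continuation line starts in column 0."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def client_address(entry):
    """Remote address of an entry with IPv4-mapped IPv6 collapsed to IPv4;
    None for daemon messages or an unparsable address."""
    m = CLIENT.search(entry)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("addr"))
    except ValueError:
        return None
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped if mapped is not None else ip)

def summarize(text):
    """Count entries per (client, message); client is None for the daemon."""
    counts = Counter()
    for entry in unwrap(text):
        counts[(client_address(entry), entry.split(" - ", 1)[-1])] += 1
    return counts
```

Calling `summarize()` on the pasted block separates the daemon's own restart messages from the per-connection errors and shows how many of the latter came from each remote address.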
 
Old 06-19-2006, 08:15 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Not hacked enough*, I would guess: if you run Proftpd < 1.3.0rc4 then you could try upgrading.

*which of course is in reference to your title as it's not "hacked" (good) but "cracked" (bad) and there's nothing wrong with Logwatch.
 
Old 06-19-2006, 09:34 PM   #3
pdeman2
Member
 
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413

Original Poster
Rep: Reputation: 30
Yeah yeah, I know. But what exactly are those entries saying?
 
Old 06-19-2006, 09:59 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
But what exactly are those entries saying?
0. Exactly what it says: it's "asked" to reread the config,
1. go read the Proftpd FAQ.
 
  

