From owner-freebsd-questions@FreeBSD.ORG Sat Dec 11 04:59:27 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 364761065670 for ; Sat, 11 Dec 2010 04:59:27 +0000 (UTC) (envelope-from ryan.coleman@cwis.biz) Received: from server.cwis.biz (70-89-202-5-invergrove-mn.hfc.comcastbusiness.net [70.89.202.5]) by mx1.freebsd.org (Postfix) with ESMTP id E2FBD8FC12 for ; Sat, 11 Dec 2010 04:59:26 +0000 (UTC) Received: from server.cwis.biz (localhost [127.0.0.1]) by server.cwis.biz (Postfix) with ESMTP id D998A26297E4; Fri, 10 Dec 2010 22:59:28 -0600 (CST) X-Virus-Scanned: amavisd-new at cwis.biz Received: from server.cwis.biz ([127.0.0.1]) by server.cwis.biz (server.cwis.biz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id faQhHrWuHu9e; Fri, 10 Dec 2010 22:59:26 -0600 (CST) Received: from [10.0.1.5] (70-89-202-1-invergrove-mn.hfc.comcastbusiness.net [70.89.202.1]) by server.cwis.biz (Postfix) with ESMTPSA id C606F26297E3; Fri, 10 Dec 2010 22:59:26 -0600 (CST) Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: text/plain; charset=us-ascii From: Ryan Coleman X-Priority: 3 In-Reply-To: <92849C6B31FD4396BBF187F9A6A9E655@GRANTLAPTOP> Date: Fri, 10 Dec 2010 22:59:23 -0600 Content-Transfer-Encoding: quoted-printable Message-Id: References: <1560F156-B3C8-4986-980C-8B6175C49683@d3photography.com><740D0EA5-1F2A-486C-B231-11F25BB3AC59@cwis.biz> <4D029FF2.9020305@nrdx.com> <92849C6B31FD4396BBF187F9A6A9E655@GRANTLAPTOP> To: Grant Peel X-Mailer: Apple Mail (2.1082) Cc: Jerry Bell , freebsd-questions@freebsd.org Subject: Re: Runaway ProFTP? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Dec 2010 04:59:27 -0000 I have not been able to get portsnap to work at all today. On Dec 10, 2010, at 10:53 PM, Grant Peel wrote: > ----- Original Message ----- From: "Jerry Bell" > To: > Sent: Friday, December 10, 2010 4:47 PM > Subject: Re: Runaway ProFTP? >=20 >=20 >> I have been having this happen a few times per week for the past few = weeks. I believe it is caused by someone attacking proftpd. I noticed = today that there is an updated version - 1.3.3c that fixes a = vulnerability that they may have been trying to exploit. >>=20 >> When I looked at the process list, I would see around 20 proftpd's, = each with a high amount of CPU used, and connected to a specific IP. = I'd firewall off those IPs and kill off proftpd/restart. Knock on wood, = I have not had that happen since upgrading to 1.3.3c, but that may just = be because no one has tried again yet. >>=20 >> Jerry >> On 12/10/2010 4:39 PM, Ryan Coleman wrote: >>> Does anyone have any ideas? >>>=20 >>> On Dec 9, 2010, at 3:12 PM, Ryan Coleman wrote: >>>=20 >>>> Dear list, >>>>=20 >>>> Has anyone else had experience with ProFTP 1.3.3a running away with = processes? I installed it about 2 months ago with a new server build and = over the course of the last three weeks I've had to forcibly kill, wait = and restart the service every one-to-three days and sucking up between = 20% and 80% of my system resources. >>>>=20 >>>> I've attempted to change the logging in hopes to track down what is = causing the problems but I have not been successful. Additionally it = won't connect after a restart through Filezilla but using Terminal on my = MBP it will connect in the CLI. >>>>=20 >>>> It's not the end of the world (for me) but it is for my staff when = they have to upload large numbers of photos. >>>>=20 >>>> Thanks, >>>> Ryan >>>>=20 >>>> _______________________________________________ >>>> freebsd-questions@freebsd.org mailing list >>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>> To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" >>> _______________________________________________ >>> freebsd-questions@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>> To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" >>=20 >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" >>=20 >=20 > Indeed, this Proftpd 1.3.3a vulnerability is exactly what my post on = upgrading a single port is all about. I can say for a fact that the = botnets are trying to use the vulnerability and that you are quite = correct that the CPU / ZOMBIE processes are exploit related. >=20 > I just upgraded today and so far so good. >=20 > \FYI for anyone that is following my thread on updating one single = port: I must have a somwhat busted installation. Using port upgrade = failed ... sorry I did not remember to keep the output, but, I was able = to download the source from proftpd.org and install it from scratch. >=20 > -Grant=20 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org"