Date: Fri, 10 Oct 2003 12:03:20 -0500
From: Redmond Militante <r-militante@northwestern.edu>
To: freebsd-questions@freebsd.org
Subject: weird ftp-related logcheck msgs
Message-ID: <20031010170320.GB44852@darkpossum>

hi all

the last couple of days, i've noticed strange security notifications sent to the root user of one of my boxen. this box is running proftpd as an ftp server. the messages appear whenever somebody authenticates via ftp. most often, it's me ftp'ing to the machine, so it's probably not someone doing something malicious (just in case, i ran chkrootkit and yafic, which turn up clean...)

the messages look like

Oct 10 11:27:06 server proftpd[45750]: server.com +(my.box.com[129.xxx.xx.xx]) - PAM(secure): Permission denied.
Oct 10 11:17:25 server sendmail[45703]: h9AGHPbK045703: h9AGHPbL045703: DSN: To:... List:; +syntax illegal for recipient addresses
Oct 10 11:17:41 server sendmail[45708]: h9AGHfPB045708: h9AGHfPC045708: DSN: To:... List:; +syntax illegal for recipient addresses
Oct 10 11:18:43 server sendmail[45715]: h9AGIhBK045715: h9AGIhBL045715: DSN: To:... List:; +syntax illegal for recipient addresses
Oct 10 11:19:13 server sendmail[45720]: h9AGJDEV045720: h9AGJDEW045720: DSN: To:... List:; +syntax illegal for recipient addresses
Oct 10 11:19:29 server sendmail[45725]: h9AGJTMA045725: h9AGJTMB045725: DSN: To:... List:; +syntax illegal for recipient addresses
Oct 10 11:19:56 server sendmail[45730]: h9AGJuBg045730: h9AGJuBh045730: DSN: To:... List:; +syntax illegal for recipient addresses

i'm not sure what to make of these messages. ftp still seems to work (fyi - i upgraded to the latest version of proftpd today - 1.2.8 stable, didn't fix the situation though). my server is

FreeBSD server.com 4.7-RELEASE-p23 FreeBSD 4.7-RELEASE-p23 #0: Fri Oct 3 21:37:09 CDT 2003

if anyone can shed some light, i'd really appreciate it...

thanks again
redmond

--
FreeBSD 5.1-RELEASE-p10 FreeBSD 5.1-RELEASE-p10 #0: Fri Oct 3 21:30:51 CDT 2003
11:45AM up 5 days, 2:01, 2 users, load averages: 0.82, 0.51, 0.48
Oh, wow! Look at the moon!
