Date: Tue, 14 Dec 2010 12:21:21 -0600 From: Ryan Coleman <ryan.coleman@cwis.biz> To: Ryan Coleman <ryan.coleman@cwis.biz> Cc: Grant Peel <gpeel@thenetnow.com>, Jerry Bell <jerry@nrdx.com>, freebsd-questions@freebsd.org Subject: Re: Runaway ProFTP? Message-ID: <0019FC51-383A-4CFB-80F2-F7BA42EB27B8@cwis.biz> In-Reply-To: <DB8C6E62-B32F-48DC-AB02-AA29E72E9B8C@cwis.biz> References: <1560F156-B3C8-4986-980C-8B6175C49683@d3photography.com><740D0EA5-1F2A-486C-B231-11F25BB3AC59@cwis.biz> <4D029FF2.9020305@nrdx.com> <92849C6B31FD4396BBF187F9A6A9E655@GRANTLAPTOP> <DB8C6E62-B32F-48DC-AB02-AA29E72E9B8C@cwis.biz>
next in thread | previous in thread | raw e-mail | index | archive | help
And it's fixed now... not sure what the deal was with portsnap but it = finally worked. I appreciate all the help. -- Ryan On Dec 10, 2010, at 10:59 PM, Ryan Coleman wrote: > I have not been able to get portsnap to work at all today. >=20 >=20 > On Dec 10, 2010, at 10:53 PM, Grant Peel wrote: >=20 >> ----- Original Message ----- From: "Jerry Bell" <jerry@nrdx.com> >> To: <freebsd-questions@freebsd.org> >> Sent: Friday, December 10, 2010 4:47 PM >> Subject: Re: Runaway ProFTP? >>=20 >>=20 >>> I have been having this happen a few times per week for the past few = weeks. I believe it is caused by someone attacking proftpd. I noticed = today that there is an updated version - 1.3.3c that fixes a = vulnerability that they may have been trying to exploit. >>>=20 >>> When I looked at the process list, I would see around 20 proftpd's, = each with a high amount of CPU used, and connected to a specific IP. = I'd firewall off those IPs and kill off proftpd/restart. Knock on wood, = I have not had that happen since upgrading to 1.3.3c, but that may just = be because no one has tried again yet. >>>=20 >>> Jerry >>> On 12/10/2010 4:39 PM, Ryan Coleman wrote: >>>> Does anyone have any ideas? >>>>=20 >>>> On Dec 9, 2010, at 3:12 PM, Ryan Coleman wrote: >>>>=20 >>>>> Dear list, >>>>>=20 >>>>> Has anyone else had experience with ProFTP 1.3.3a running away = with processes? I installed it about 2 months ago with a new server = build and over the course of the last three weeks I've had to forcibly = kill, wait and restart the service every one-to-three days and sucking = up between 20% and 80% of my system resources. >>>>>=20 >>>>> I've attempted to change the logging in hopes to track down what = is causing the problems but I have not been successful. Additionally it = won't connect after a restart through Filezilla but using Terminal on my = MBP it will connect in the CLI. >>>>>=20 >>>>> It's not the end of the world (for me) but it is for my staff when = they have to upload large numbers of photos. >>>>>=20 >>>>> Thanks, >>>>> Ryan >>>>>=20 >>>>> _______________________________________________ >>>>> freebsd-questions@freebsd.org mailing list >>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>>> To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" >>>> _______________________________________________ >>>> freebsd-questions@freebsd.org mailing list >>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>> To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" >>>=20 >>> _______________________________________________ >>> freebsd-questions@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>> To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" >>>=20 >>=20 >> Indeed, this Proftpd 1.3.3a vulnerability is exactly what my post on = upgrading a single port is all about. I can say for a fact that the = botnets are trying to use the vulnerability and that you are quite = correct that the CPU / ZOMBIE processes are exploit related. >>=20 >> I just upgraded today and so far so good. >>=20 >> \FYI for anyone that is following my thread on updating one single = port: I must have a somwhat busted installation. Using port upgrade = failed ... sorry I did not remember to keep the output, but, I was able = to download the source from proftpd.org and install it from scratch. >>=20 >> -Grant=20 >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" >=20 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0019FC51-383A-4CFB-80F2-F7BA42EB27B8>