Date: Fri, 10 Oct 2003 12:03:20 -0500 From: Redmond Militante <r-militante@northwestern.edu> To: freebsd-questions@freebsd.org Subject: weird ftp-related logcheck msgs Message-ID: <20031010170320.GB44852@darkpossum>
next in thread | raw e-mail | index | archive | help
--2B/JsCI69OhZNC5r Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable hi all the last couple of days, i've noticed strange security notifications sent t= o the root user of one of my boxen. this box is running proftpd as an ftp = server. the messages appear whenever somebody authenticates via ftp. most= often, it's me ftp'ing to the machine, so it's probably not someone doing = something malicious (just in case, i ran chkrootkit and yafic, which turn u= p clean...) the messages look like Oct 10 11:27:06 server proftpd[45750]: server.com +(my.box.com[129.xxx.xx.xx]) - PAM(secure): Permission denied. Oct 10 11:17:25 server sendmail[45703]: h9AGHPbK045703: h9AGHPbL045703: DSN= : To:... List:; +syntax illegal for recipient addresses Oct 10 11:17:41 server sendmail[45708]: h9AGHfPB045708: h9AGHfPC045708: DSN= : To:... List:; +syntax illegal for recipient addresses Oct 10 11:18:43 server sendmail[45715]: h9AGIhBK045715: h9AGIhBL045715: DSN= : To:... List:; +syntax illegal for recipient addresses Oct 10 11:19:13 server sendmail[45720]: h9AGJDEV045720: h9AGJDEW045720: DSN= : To:... List:; +syntax illegal for recipient addresses Oct 10 11:19:29 server sendmail[45725]: h9AGJTMA045725: h9AGJTMB045725: DSN= : To:... List:; +syntax illegal for recipient addresses Oct 10 11:19:56 server sendmail[45730]: h9AGJuBg045730: h9AGJuBh045730: DSN= : To:... List:; +syntax illegal for recipient addresses i'm not sure what to make of these messages. ftp still seems to work (fyi = - i upgraded to the latest version of proftpd today - 1.2.8 stable, didn't = fix the situation though), my server is=20 FreeBSD server.com 4.7-RELEASE-p23 FreeBSD 4.7-RELEASE-p23 #0: Fri Oct 3 2= 1:37:09 CDT 2003 if anyone can shed some light, i'd really appreciate it... thanks again redmond --=20 FreeBSD 5.1-RELEASE-p10 FreeBSD 5.1-RELEASE-p10 #0: Fri Oct 3 21:30:51 CDT = 2003 11:45AM up 5 days, 2:01, 2 users, load averages: 0.82, 0.51, 0.48 =20 Oh, wow! Look at the moon! =20 --2B/JsCI69OhZNC5r Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/huZY7g+NJl/fSB0RAlz4AJ94GIxWx1r7CXokgUu5hKUvXIBh4QCg08v/ FdkUVUGkMI7Cy7ofRDPDvWA= =hVjy -----END PGP SIGNATURE----- --2B/JsCI69OhZNC5r--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031010170320.GB44852>