On Wednesday 24 March 2004 18:16, Lynn wrote:
Well, just try these yourself first before getting all worried (login as anon or ftp). I think either you are misunderstanding the log or you have VSFTP setup wrong.
I have vsftp running with anon off. It is running under xinetd with pretty much defaults for everything (SuSE 9.0). I did nothing fancy to set it up - no tcpwrappers or anything. Make sure VSFTP is actually the FTP that is running? If you config VSFTP, but SuSE is running another FTP server then of course anon may be active.
Here is an extract from my /var/log/vsftp.log:
Wed Feb 25 20:43:18 2004 [pid 8516] CONNECT: Client "172.180.168.56" Wed Feb 25 20:43:19 2004 [pid 8515] [anonymous] FAIL LOGIN: Client "172.180.168.56" Thu Feb 26 00:55:39 2004 [pid 9064] CONNECT: Client "61.218.12.93" Thu Feb 26 00:55:39 2004 [pid 9066] CONNECT: Client "61.218.12.93" Thu Feb 26 00:55:39 2004 [pid 9065] [ftp] FAIL LOGIN: Client "61.218.12.93" Thu Feb 26 01:19:02 2004 [pid 9106] CONNECT: Client "80.185.119.46" Thu Feb 26 01:19:03 2004 [pid 9105] [anonymous] FAIL LOGIN: Client "80.185.119.46" Thu Feb 26 01:28:21 2004 [pid 9108] CONNECT: Client "200.210.7.18" Thu Feb 26 19:34:07 2004 [pid 10580] CONNECT: Client "10.20.20.100" Thu Feb 26 19:34:07 2004 [pid 10579] [lynn] OK LOGIN: Client "10.20.20.100"
I have 5-10 attempts to log into my system a month from (usually) Chinese ISPs who sublet ranges to other ISP who likely have dynamically assigned them out to others. The last "OK LOGIN" is me from another system on my local subnet.
Beware though, on the internet anonymous ftp is more secure than ftp with username and password, since regular ftp is in plain text. If you want security and authenticated logins, use sftp