Well, just try these yourself first before getting all worried (login as anon or ftp). I think either you are misunderstanding the log or you have VSFTP setup wrong. I have vsftp running with anon off. It is running under xinetd with pretty much defaults for everything (SuSE 9.0). I did nothing fancy to set it up - no tcpwrappers or anything. Make sure VSFTP is actually the FTP that is running? If you config VSFTP, but SuSE is running another FTP server then of course anon may be active. Here is an extract from my /var/log/vsftp.log: Wed Feb 25 20:43:18 2004 [pid 8516] CONNECT: Client "172.180.168.56" Wed Feb 25 20:43:19 2004 [pid 8515] [anonymous] FAIL LOGIN: Client "172.180.168.56" Thu Feb 26 00:55:39 2004 [pid 9064] CONNECT: Client "61.218.12.93" Thu Feb 26 00:55:39 2004 [pid 9066] CONNECT: Client "61.218.12.93" Thu Feb 26 00:55:39 2004 [pid 9065] [ftp] FAIL LOGIN: Client "61.218.12.93" Thu Feb 26 01:19:02 2004 [pid 9106] CONNECT: Client "80.185.119.46" Thu Feb 26 01:19:03 2004 [pid 9105] [anonymous] FAIL LOGIN: Client "80.185.119.46" Thu Feb 26 01:28:21 2004 [pid 9108] CONNECT: Client "200.210.7.18" Thu Feb 26 19:34:07 2004 [pid 10580] CONNECT: Client "10.20.20.100" Thu Feb 26 19:34:07 2004 [pid 10579] [lynn] OK LOGIN: Client "10.20.20.100" I have 5-10 attempts to log into my system a month from (usually) Chinese ISPs who sublet ranges to other ISP who likely have dynamically assigned them out to others. The last "OK LOGIN" is me from another system on my local subnet. best regards - LynnL John wrote:
I have installed the VSFTP and i have comment all the anonymus section.
However searching the vsftp.log i discovered that some ip tried and logon to my system as USER anonymus with no password and USER ftp with no password.
However, these accounts leads to nowhere with no right, it quite dangerous for me.
Please i want your help to harden my security.
Thanks in advance.