Hello, today I got about 50 messages like the following in /var/log/messages: Oct 7 10:11:51 gmv wu.ftpd[14694]: connect from 211.56.234.227 Oct 7 10:11:51 gmv ftpd[14694]: FTP session closed ... and it's still going on! What could be the deeper meaning, when someone it making connections the whole day long? Any hint is appreciated! Peter
WuFTPD has more security holes then a .... well actually it's in my top 10 for "most insecure software ever written and maintained". There are _several_ root hacks for it in this year alone. I wouldn't use WuFTPD if someone had a gun to my head.
P.S.: I'm running wu-2.4.2-academ[BETA-18](1)
Then it's time to shutdown the box, look for signs of intrusion and probably do a clean install. WuFTPD 2.6.1 is the latest, all previous versions have a variety of nasty security problems (like granting remote root access to attackers). ProFTPD. It's much better. http://www.proftpd.net/
-- Peter Münster
Kurt Seifried - seifried@securityportal.com SecurityPortal, your focal point for security on the net http://www.securityportal.com/