is this an attack ?

danilo lujambio Sat, 29 Mar 2003 08:01:17 -0600

Hi:

sorry by a large of the message , but I am not a security expert and I
have a ftp server secured with the directives that I found in general
docs. Yesterday my server was down at 19:30 aprox , the only suspicious
track that I found is :



18:59:06 web wu-ftpd[10527]: connect from 200.158.144.201
Mar 28 18:59:07 web wu-ftpd[10527]: USER anonymous
Mar 28 18:59:07 web wu-ftpd[10527]: PASS [EMAIL PROTECTED]
Mar 28 18:59:07 web wu-ftpd[10527]: USER anonymous
Mar 28 18:59:07 web wu-ftpd[10527]: PASS [EMAIL PROTECTED]
Mar 28 18:59:08 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:08 web wu-ftpd[10527]: STRU File
Mar 28 18:59:08 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:08 web wu-ftpd[10527]: STRU File
Mar 28 18:59:09 web wu-ftpd[10527]: MODE Stream
Mar 28 18:59:09 web wu-ftpd[10527]: REST 0
Mar 28 18:59:09 web wu-ftpd[10527]: REST 1
Mar 28 18:59:09 web wu-ftpd[10527]: MODE Stream
Mar 28 18:59:09 web wu-ftpd[10527]: REST 0
Mar 28 18:59:09 web wu-ftpd[10527]: REST 1
Mar 28 18:59:10 web wu-ftpd[10527]: SYST
Mar 28 18:59:10 web wu-ftpd[10527]: PASV
Mar 28 18:59:10 web wu-ftpd[10527]: SYST
Mar 28 18:59:10 web wu-ftpd[10527]: PASV
Mar 28 18:59:14 web wu-ftpd[10527]: TYPE ASCII
Mar 28 18:59:15 web wu-ftpd[10527]: LIST /
Mar 28 18:59:16 web wu-ftpd[10527]: CWD /bin
Mar 28 18:59:16 web wu-ftpd[10527]: PASV
Mar 28 18:59:16 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:16 web wu-ftpd[10527]: CWD /bin
Mar 28 18:59:16 web wu-ftpd[10527]: PASV
Mar 28 18:59:16 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:17 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:17 web wu-ftpd[10527]: REST 0
Mar 28 18:59:17 web wu-ftpd[10527]: STOR 582.258
Mar 28 18:59:17 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:17 web wu-ftpd[10527]: REST 0
Mar 28 18:59:17 web wu-ftpd[10527]: STOR 582.258
Mar 28 18:59:17 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:17 web wu-ftpd[10527]: REST 0
Mar 28 18:59:17 web wu-ftpd[10527]: STOR 582.258
Mar 28 18:59:18 web wu-ftpd[10527]: CWD /etc
Mar 28 18:59:18 web wu-ftpd[10527]: PASV
Mar 28 18:59:18 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:18 web wu-ftpd[10527]: CWD /etc
Mar 28 18:59:18 web wu-ftpd[10527]: PASV
Mar 28 18:59:18 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:19 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:20 web wu-ftpd[10527]: REST 0
Mar 28 18:59:20 web wu-ftpd[10527]: STOR 582.258
Mar 28 18:59:20 web wu-ftpd[10527]: CWD /lib
Mar 28 18:59:20 web wu-ftpd[10527]: REST 0
Mar 28 18:59:20 web wu-ftpd[10527]: STOR 582.258
Mar 28 18:59:20 web wu-ftpd[10527]: CWD /lib
Mar 28 18:59:21 web wu-ftpd[10527]: PASV
Mar 28 18:59:21 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:21 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:21 web wu-ftpd[10527]: PASV
Mar 28 18:59:21 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:21 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:22 web wu-ftpd[10527]: REST 0
Mar 28 18:59:22 web wu-ftpd[10527]: STOR 582.258
Mar 28 18:59:22 web wu-ftpd[10527]: CWD /pub
Mar 28 18:59:22 web wu-ftpd[10527]: PASV
Mar 28 18:59:22 web wu-ftpd[10527]: REST 0
Mar 28 18:59:22 web wu-ftpd[10527]: STOR 582.258
Mar 28 18:59:22 web wu-ftpd[10527]: CWD /pub
Mar 28 18:59:22 web wu-ftpd[10527]: PASV
Mar 28 18:59:23 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:26 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:26 web wu-ftpd[10527]: REST 0
Mar 28 18:59:26 web wu-ftpd[10527]: STOR 582.258
Mar 28 18:59:26 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:21 web wu-ftpd[10527]: PASV
Mar 28 18:59:21 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:21 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:21 web wu-ftpd[10527]: PASV
Mar 28 18:59:21 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:21 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:22 web wu-ftpd[10527]: REST 0
Mar 28 18:59:22 web wu-ftpd[10527]: STOR 582.258
Mar 28 18:59:22 web wu-ftpd[10527]: CWD /pub
Mar 28 18:59:22 web wu-ftpd[10527]: PASV
Mar 28 18:59:22 web wu-ftpd[10527]: REST 0
Mar 28 18:59:22 web wu-ftpd[10527]: STOR 582.258
Mar 28 18:59:22 web wu-ftpd[10527]: CWD /pub
Mar 28 18:59:22 web wu-ftpd[10527]: PASV
Mar 28 18:59:23 web wu-ftpd[10527]: TYPE Image
Mar 28 18:59:26 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:26 web wu-ftpd[10527]: REST 0
Mar 28 18:59:26 web wu-ftpd[10527]: STOR 582.258
Mar 28 18:59:26 web wu-ftpd[10527]: ALLO 104154
Mar 28 18:59:26 web wu-ftpd[10527]: REST 0
Mar 28 18:59:26 web wu-ftpd[10527]: STOR 582.258
Mar 28 19:00:02 web kernel: EXT2-fs warning: maximal mount count
reached,
running e2fsck is recommended
Mar 28 19:00:02 web kernel: EXT2-fs warning: maximal mount count
reached,
running e2fsck is recommended

Can you give me your opinion ?

Thanks in advance

dl

is this an attack ?

Reply via email to