Mon May 27 11:57:03 BST 2002
On Mon, 27 May 2002 09:33:17 +0100, Steve Greenshaw wrote:
>> on from novatech.com, service ftpd (tcp)
>No date or user info. Just that as a single entry. I've looked in the
>logs and there's nothing anywhere relating to 'novatech.com'.
>My worry is that this is perhaps an indication that somebody has
>actually been logged on ... ? I can't see anything on the machine that
>shouldn't be there.
That doesn't look like a complete syslog message.
It may be that problem with syslog been overflowing...
The problem is that the default ftpd that comes with fbsd doesn't
log successful logins to the system, it will only log failed logins.
So even if someone did manage to login (via ftpd), you won't know about =
The best trick to avoid password scanners is to use a cron job which che=
the logs for failed logins via ftpd/sshd etc. Then in case there is a fa=
it should permanently block the ip and/or range of ip's in your firewall=
=FE H.I.C. & D.B.S. =FE OS/2 Warp =FE Hellas =FE
=FE ServerConfig =FE ConfigEdit =FE OS/2 UK UG =FE
=FE Live fast, die young, and leave a handsome corpse =FE
More information about the Ukfreebsd