are danger "shadowserver.org" ? (they loged into my server FTP?)
hello,
this means 184.105.247.196 (scan-15.shadowserver.org) loged into my server:
??? if yes, how I fix my IPTABLES rules? if no, then what means the previous records?
[root@pepsi ~]# journalctl --no-pager | grep 184.105.247.196
Jun 20 12:42:14 pepsi pure-ftpd[12804]: (?@184.105.247.196) [INFO] New connection from 184.105.247.196
Jun 20 12:42:15 pepsi pure-ftpd[12804]: (?@184.105.247.196) [INFO] TLS: Enabled TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
Jun 20 12:42:16 pepsi pure-ftpd[12804]: (?@184.105.247.196) [INFO] Logout.
[root@pepsi ~]#??? if yes, how I fix my IPTABLES rules? if no, then what means the previous records?
-
hello, this means 184.105.247.196 (scan-15.shadowserver.org) loged into my server:
[root@pepsi ~]# journalctl --no-pager | grep 184.105.247.196 Jun 20 12:42:14 Ipc pure-ftpd[12804]: (?@184.105.247.196) [INFO] New connection from 184.105.247.196 Jun 20 12:42:15 Ipc pure-ftpd[12804]: (?@184.105.247.196) [INFO] TLS: Enabled TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher Jun 20 12:42:16 Ipc pure-ftpd[12804]: (?@184.105.247.196) [INFO] Logout. [root@pepsi ~]#
??? if yes, how I fix my IPTABLES rules? if no, then what means the previous records?
They connected to your server using FTP protocol, but they did not even try to log in. I suggest you install CSF:0 -
Thanks master @quietFinn, and they are ... dangerous?, why they snooping our network?
What happened there is called "port scanning", they are checking what ports are open. That itself is not dangerous, but it's dangerous if they are able to log in. If you don't need FTP, disable it and close port 21, otherwise make sure you disable anonymous & root logins in FTP settings, and make sure every user in your server has strong password.0 -
What happened there is called "port scanning", they are checking what ports are open. That itself is not dangerous, but it's dangerous if they are able to log in. If you don't need FTP, disable it and close port 21, otherwise make sure you disable anonymous & root logins in FTP settings, and make sure every user in your server has strong password.
oh quite the opposite, I couldn't get the FTP to work. I have cPanel + CSF + CentOS 8 + PureFTP I doit: 1// How to Enable FTP Passive Mode - cPanel Knowledge Base - cPanel Documentation and restart all, but FTP answer is:Timeout detected. (data connection) Could not retrieve directory listing Error listing directory '/public_html'.
some idea please?0 -
in /etc/pure-ftpd.conf there is line: PassivePortRange 49152 65534 Did you open ports 49152 -65534? Also are you using FileZilla? 0 -
in /etc/pure-ftpd.conf there is line: PassivePortRange 49152 65534 Did you open ports 49152 -65534? Also are you using FileZilla?
Thanks, in /etc/csf/csf.conf this is my line TCP_IN:TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,8443,30000:35000"
and just below I add line:PassivePortRange 30000 35000
also I create the file /var/cpanel/conf/pureftpd/local with:ForcePassiveIP: My.IP PassivePortRange: 49152 65534
0 -
You open ports 30000-35000, but PassivePortRange: 49152 65534, that is not going to work. They must be the same. 0 -
...Also are you using FileZilla?
ah!, thanks by open my ices, with your help I change the file /var/cpanel/conf/pureftpd/local with:ForcePassiveIP: My.IP PassivePortRange: 30000 35000
and now ALL connect fine:- FileZilla-3.54.1
- WinSCP-5.19-Portable
- NicoFtp3
0
Please sign in to leave a comment.
Comments
8 comments