danilo lujambio <[EMAIL PROTECTED]> writes: > > 18:59:06 web wu-ftpd[10527]: connect from 200.158.144.201 > Mar 28 18:59:07 web wu-ftpd[10527]: USER anonymous > Mar 28 18:59:07 web wu-ftpd[10527]: PASS [EMAIL PROTECTED] [ etc. ]
This log indicates that someone connected as an anonymous user and attempted to upload a 104154-byte file named "528.258" to several directories: the anonymous user's "/bin", "/lib", and "/pub". The log doesn't show whether or not the upload attempts were successful. The fact that they were repeated several times suggests they weren't. I believe there's an automated tool that scans for FTP servers that have one or more read/writable directories. It uploads this file with random names "number.number" and tries to retrieve it again. The file itself is harmless---it's just a test to find open directories that can be used to trade pirated software or other files. You'll note that nowhere in your log did the person try to *retrieve* the file again, so it's quite likely they failed to store the file anywhere and gave up. No harm done. > Mar 28 19:00:02 web kernel: EXT2-fs warning: maximal mount count > reached, > running e2fsck is recommended > Mar 28 19:00:02 web kernel: EXT2-fs warning: maximal mount count > reached, > running e2fsck is recommended This is curious but not necessarily related. Is it possible someone mounted (or remounted) an EXT2 filesystem at this time? Or that you have an automounter running that might have mounted an EXT2 filesystem? -- Kevin <[EMAIL PROTECTED]>
