I have not been able to get portsnap to work at all today.
On Dec 10, 2010, at 10:53 PM, Grant Peel wrote: > ----- Original Message ----- From: "Jerry Bell" <je...@nrdx.com> > To: <freebsd-questions@freebsd.org> > Sent: Friday, December 10, 2010 4:47 PM > Subject: Re: Runaway ProFTP? > > >> I have been having this happen a few times per week for the past few weeks. >> I believe it is caused by someone attacking proftpd. I noticed today that >> there is an updated version - 1.3.3c that fixes a vulnerability that they >> may have been trying to exploit. >> >> When I looked at the process list, I would see around 20 proftpd's, each >> with a high amount of CPU used, and connected to a specific IP. I'd >> firewall off those IPs and kill off proftpd/restart. Knock on wood, I have >> not had that happen since upgrading to 1.3.3c, but that may just be because >> no one has tried again yet. >> >> Jerry >> On 12/10/2010 4:39 PM, Ryan Coleman wrote: >>> Does anyone have any ideas? >>> >>> On Dec 9, 2010, at 3:12 PM, Ryan Coleman wrote: >>> >>>> Dear list, >>>> >>>> Has anyone else had experience with ProFTP 1.3.3a running away with >>>> processes? I installed it about 2 months ago with a new server build and >>>> over the course of the last three weeks I've had to forcibly kill, wait >>>> and restart the service every one-to-three days and sucking up between 20% >>>> and 80% of my system resources. >>>> >>>> I've attempted to change the logging in hopes to track down what is >>>> causing the problems but I have not been successful. Additionally it won't >>>> connect after a restart through Filezilla but using Terminal on my MBP it >>>> will connect in the CLI. >>>> >>>> It's not the end of the world (for me) but it is for my staff when they >>>> have to upload large numbers of photos. >>>> >>>> Thanks, >>>> Ryan >>>> >>>> _______________________________________________ >>>> freebsd-questions@freebsd.org mailing list >>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>> To unsubscribe, send any mail to >>>> "freebsd-questions-unsubscr...@freebsd.org" >>> _______________________________________________ >>> freebsd-questions@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" >> > > Indeed, this Proftpd 1.3.3a vulnerability is exactly what my post on > upgrading a single port is all about. I can say for a fact that the botnets > are trying to use the vulnerability and that you are quite correct that the > CPU / ZOMBIE processes are exploit related. > > I just upgraded today and so far so good. > > \FYI for anyone that is following my thread on updating one single port: I > must have a somwhat busted installation. Using port upgrade failed ... sorry > I did not remember to keep the output, but, I was able to download the source > from proftpd.org and install it from scratch. > > -Grant > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"