hi all the last couple of days, i've noticed strange security notifications sent to the root user of one of my boxen. this box is running proftpd as an ftp server. the messages appear whenever somebody authenticates via ftp. most often, it's me ftp'ing to the machine, so it's probably not someone doing something malicious (just in case, i ran chkrootkit and yafic, which turn up clean...)
the messages look like Oct 10 11:27:06 server proftpd[45750]: server.com +(my.box.com[129.xxx.xx.xx]) - PAM(secure): Permission denied. Oct 10 11:17:25 server sendmail[45703]: h9AGHPbK045703: h9AGHPbL045703: DSN: To:... List:; +syntax illegal for recipient addresses Oct 10 11:17:41 server sendmail[45708]: h9AGHfPB045708: h9AGHfPC045708: DSN: To:... List:; +syntax illegal for recipient addresses Oct 10 11:18:43 server sendmail[45715]: h9AGIhBK045715: h9AGIhBL045715: DSN: To:... List:; +syntax illegal for recipient addresses Oct 10 11:19:13 server sendmail[45720]: h9AGJDEV045720: h9AGJDEW045720: DSN: To:... List:; +syntax illegal for recipient addresses Oct 10 11:19:29 server sendmail[45725]: h9AGJTMA045725: h9AGJTMB045725: DSN: To:... List:; +syntax illegal for recipient addresses Oct 10 11:19:56 server sendmail[45730]: h9AGJuBg045730: h9AGJuBh045730: DSN: To:... List:; +syntax illegal for recipient addresses i'm not sure what to make of these messages. ftp still seems to work (fyi - i upgraded to the latest version of proftpd today - 1.2.8 stable, didn't fix the situation though), my server is FreeBSD server.com 4.7-RELEASE-p23 FreeBSD 4.7-RELEASE-p23 #0: Fri Oct 3 21:37:09 CDT 2003 if anyone can shed some light, i'd really appreciate it... thanks again redmond -- FreeBSD 5.1-RELEASE-p10 FreeBSD 5.1-RELEASE-p10 #0: Fri Oct 3 21:30:51 CDT 2003 11:45AM up 5 days, 2:01, 2 users, load averages: 0.82, 0.51, 0.48 Oh, wow! Look at the moon!
pgp00000.pgp
Description: PGP signature