Log Review Failed FTP Attempt
Andrew Harris
tuna at supertunaman.com
Thu Jan 19 13:52:09 MST 2012
Well nevermind then. Just /var/log/secure.
On Thu, Jan 19, 2012 at 2:50 PM, keith smith <klsmith2020 at yahoo.com> wrote:
>
> No Control panel only command line.
>
> Thanks!
>
> ------------------------
> Keith Smith
>
> --- On *Thu, 1/19/12, Andrew Harris <tuna at supertunaman.com>* wrote:
>
>
> From: Andrew Harris <tuna at supertunaman.com>
> Subject: Re: Log Review Failed FTP Attempt
> To: "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
> Date: Thursday, January 19, 2012, 12:07 PM
>
>
> Also, is it cPanel by chance? Is cPHulk enabled?
>
> On Thu, Jan 19, 2012 at 1:06 PM, Andrew Harris <tuna at supertunaman.com<http://mc/compose?to=tuna@supertunaman.com>
> > wrote:
>
> Hey Keith
>
> I'm afraid your language is just a bit ambiguous -- SFTP, as in FTP over
> SSH, or FTP, as in ProFTPd or Pure-FTPd?
>
> If it's the former, then /var/log/secure will be the right place, but
> it'll show up as sshd. Here's what a failed login looks like on my CentOS
> VPS:
>
> Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): check pass; user
> unknown
> Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
> cpe-66-68-110-19.austin.res.rr.com
>
> If it's actual FTP, I believe that will be in /var/log/messages or
> something, depending on how it's configured.
>
> On Thu, Jan 19, 2012 at 12:29 PM, keith smith <klsmith2020 at yahoo.com<http://mc/compose?to=klsmith2020@yahoo.com>
> > wrote:
>
>
> Hi,
>
> I've setup Iptables so only certain IP addresses can access our shell. It
> works well for the handful of us that access the shell.
>
> We also run SFTP. So the IP for anyone needing FTP must be in the IP
> tables as well.
>
> Today, I'm trying to configure someone remotely. I added their IP address
> to the IPTables and helped them configure their FTP Client. They are not
> able to connect. It is unclear to me if it is a client or server issue.
> So I am looking at the logs.
>
> I'm running CentOS 5.6 and looking in /var/log/secure . I see no entry
> for the failed access attempt.
>
> Is there another log I should be looking in?
>
> Thank you for your help!
>
> ------------------------
> Keith Smith
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us<http://mc/compose?to=PLUG-discuss@lists.plug.phoenix.az.us>
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
>
> -----Inline Attachment Follows-----
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us<http://mc/compose?to=PLUG-discuss@lists.plug.phoenix.az.us>
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20120119/cb941670/attachment.html>
More information about the PLUG-discuss
mailing list