Log Review Failed FTP Attempt
keith smith
klsmith2020 at yahoo.com
Thu Jan 19 13:55:37 MST 2012
Ok, Thanks!
------------------------
Keith Smith
--- On Thu, 1/19/12, Andrew Harris <tuna at supertunaman.com> wrote:
From: Andrew Harris <tuna at supertunaman.com>
Subject: Re: Log Review Failed FTP Attempt
To: "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
Date: Thursday, January 19, 2012, 1:52 PM
Well nevermind then. Just /var/log/secure.
On Thu, Jan 19, 2012 at 2:50 PM, keith smith <klsmith2020 at yahoo.com> wrote:
No Control panel only command line.
Thanks!
------------------------
Keith Smith
--- On Thu, 1/19/12, Andrew Harris <tuna at supertunaman.com> wrote:
From: Andrew Harris <tuna at supertunaman.com>
Subject: Re: Log Review Failed FTP Attempt
To: "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
Date: Thursday, January 19, 2012, 12:07 PM
Also, is it cPanel by chance? Is cPHulk enabled?
On Thu, Jan 19, 2012 at 1:06 PM, Andrew Harris <tuna at supertunaman.com> wrote:
Hey Keith
I'm afraid your language is just a bit ambiguous -- SFTP, as in FTP over SSH, or FTP, as in ProFTPd or Pure-FTPd?
If it's the former, then /var/log/secure will be the right place, but it'll show up as sshd. Here's what a failed login looks like on my CentOS VPS:
Jan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): check pass; user unknownJan 19 13:04:04 sta sshd[12164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-66-68-110-19.austin.res.rr.com
If it's actual FTP, I believe that will be in /var/log/messages or something, depending on how it's configured.
On Thu, Jan 19, 2012 at 12:29 PM, keith smith <klsmith2020 at yahoo.com> wrote:
Hi,
I've setup Iptables so only certain IP addresses can access our shell. It works well for the handful of us that access the shell.
We also run SFTP. So the IP for anyone needing FTP must be in the IP tables as well.
Today, I'm trying to configure someone remotely. I added their IP address to the IPTables and helped them configure their FTP Client. They are not able to connect. It is unclear to me if it is a client or server issue. So I am looking at the logs.
I'm running CentOS 5.6 and looking in /var/log/secure . I see no entry for the failed access attempt.
Is there another log I should be looking in?
Thank you for your help!
------------------------
Keith Smith
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-----Inline Attachment Follows-----
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-----Inline Attachment Follows-----
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20120119/da6c7666/attachment.html>
More information about the PLUG-discuss
mailing list