[Watford] slug under attack!

Alain Williams addw at phcomp.co.uk
Tue Aug 11 09:13:27 UTC 2009


I notice that we were attacked last night from China, part of /var/log/messages:

Aug 10 21:46:00 (none) authpriv.info xinetd[437]: START: ftp pid=4006 from=222.240.128.50
Aug 10 21:46:06 (none) authpriv.info xinetd[437]: START: ftp pid=4008 from=222.240.128.50
Aug 10 21:46:11 (none) authpriv.info xinetd[437]: START: ftp pid=4010 from=222.240.128.50
Aug 10 21:46:17 (none) authpriv.info xinetd[437]: START: ftp pid=4012 from=222.240.128.50
Aug 10 21:46:22 (none) authpriv.info xinetd[437]: START: ftp pid=4014 from=222.240.128.50
Aug 10 21:46:28 (none) authpriv.info xinetd[437]: START: ftp pid=4016 from=222.240.128.50
Aug 10 21:46:34 (none) authpriv.info xinetd[437]: START: ftp pid=4018 from=222.240.128.50
Aug 10 21:46:39 (none) authpriv.info xinetd[437]: START: ftp pid=4020 from=222.240.128.50
Aug 10 21:46:45 (none) authpriv.info xinetd[437]: START: ftp pid=4022 from=222.240.128.50
Aug 10 21:46:50 (none) authpriv.info xinetd[437]: START: ftp pid=4024 from=222.240.128.50
Aug 10 21:46:56 (none) authpriv.info xinetd[437]: START: ftp pid=4026 from=222.240.128.50
Aug 10 21:47:01 (none) authpriv.info xinetd[437]: START: ftp pid=4028 from=222.240.128.50
Aug 10 21:47:07 (none) authpriv.info xinetd[437]: START: ftp pid=4030 from=222.240.128.50
Aug 10 21:47:13 (none) authpriv.info xinetd[437]: START: ftp pid=4032 from=222.240.128.50
Aug 10 21:47:18 (none) authpriv.info xinetd[437]: START: ftp pid=4034 from=222.240.128.50
Aug 10 21:47:24 (none) authpriv.info xinetd[437]: START: ftp pid=4036 from=222.240.128.50
Aug 10 21:47:29 (none) authpriv.info xinetd[437]: START: ftp pid=4038 from=222.240.128.50
Aug 10 21:47:35 (none) authpriv.info xinetd[437]: START: ftp pid=4040 from=222.240.128.50
Aug 10 21:47:41 (none) authpriv.info xinetd[437]: START: ftp pid=4042 from=222.240.128.50

So, like it or not, we do need to take security seriously. I doubt that Magnus would like to
have one of his IP addresses end up in a RBL!


In moving rsync to xinetd - we broke it. I have now fixed this and successfully done a backup.
Note that rsync is restricted to my machine that does the backups.

Regards

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
Past chairman of UKUUG: http://www.ukuug.org/
#include <std_disclaimer.h>
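
The repeated xinetd START records quoted in the message above can be flagged automatically. The following is an added example, not part of the original post: it counts connections per service and source address in a sliding window. The threshold, window length, year and the constructed sample addresses (documentation ranges) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches xinetd START records in the syslog format quoted in the message.
START_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+\S+\s+xinetd\[\d+\]:\s+"
    r"START:\s+(?P<svc>\S+)\s+pid=\d+\s+from=(?P<src>\S+)"
)

def find_bursts(lines, threshold=10, window_s=60, year=2009):
    """Return {(service, source): peak count} for each source that opened at
    least `threshold` connections to one service within `window_s` seconds.
    threshold, window_s and year are assumptions (syslog omits the year)."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # (service, source) -> timestamps in window
    peaks = {}
    for line in lines:
        m = START_RE.match(line)
        if not m:
            continue  # not an xinetd START record
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["svc"], m["src"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # expire entries older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_lines():
    """Constructed sample: 19 ftp connections 5 s apart from one address,
    plus a single rsync connection from another."""
    base = datetime(2009, 8, 10, 21, 46, 0)
    fmt = ("{:%b %d %H:%M:%S} (none) authpriv.info xinetd[437]: "
           "START: {} pid={} from={}")
    lines = [fmt.format(base + timedelta(seconds=5 * i), "ftp",
                        4006 + 2 * i, "192.0.2.50") for i in range(19)]
    lines.append(fmt.format(base + timedelta(seconds=30), "rsync",
                            5000, "198.51.100.7"))
    return lines

if __name__ == "__main__":
    for (svc, src), peak in find_bursts(sample_lines()).items():
        print(f"{src}: {peak} {svc} connections within 60 s")
```

To check a real log, pass `open("/var/log/messages")` as `lines` and tune the threshold to the services xinetd actually fronts.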
