0

I've uninstalled all ftp programs, except for the one plesk is running psa-proftpd. When removing with yum (Centos 5 server) it seems to be uninstalling a lot of plesk packages. Perhaps I'm overreacting so I'm here for opinions on what these logs show. This is the system messages log that have me worried:

Jan 12 05:08:27 server1 xinetd[10239]: START: smtp pid=28459 from=180.246.57.51
Jan 12 05:08:31 server1 xinetd[10239]: EXIT: smtp status=0 pid=28459 duration=4(sec)
Jan 12 05:48:49 server1 xinetd[10239]: START: smtp pid=12157 from=67.212.234.107
Jan 12 05:48:53 server1 xinetd[10239]: EXIT: smtp status=0 pid=12157 duration=4(sec)
Jan 12 07:26:24 server1 xinetd[10239]: START: smtp pid=18076 from=127.0.0.1
Jan 12 07:26:24 server1 xinetd[10239]: EXIT: smtp status=0 pid=18076 duration=0(sec)
Jan 12 07:54:20 server1 xinetd[10239]: START: smtp pid=3805 from=209.85.214.196
Jan 12 07:54:22 server1 xinetd[10239]: START: smtp pid=3822 from=127.0.0.1
Jan 12 07:54:22 server1 xinetd[10239]: EXIT: smtp status=0 pid=3822 duration=0(sec)
Jan 12 07:54:51 server1 xinetd[10239]: EXIT: smtp status=0 pid=3805 duration=31(sec)
Jan 12 16:17:31 server1 xinetd[10239]: START: ftp pid=24476 from=122.195.23.132
Jan 12 16:17:31 server1 proftpd[24476]: 207.55.244.72 (122.195.23.132[122.195.23.132]) - FTP session opened.
Jan 12 16:17:32 server1 proftpd[24476]: 207.55.244.72 (122.195.23.132[122.195.23.132]) - Preparing to chroot to directory '/var/www/vhosts/centerondisability.org/web_users/test'
Jan 12 16:17:35 server1 xinetd[10239]: EXIT: ftp status=0 pid=24476 duration=4(sec)
Jan 12 21:37:42 server1 xinetd[10239]: START: smtp pid=27839 from=200.86.88.101
Jan 12 21:37:46 server1 xinetd[10239]: EXIT: smtp status=1 pid=27839 duration=4(sec)
Jan 13 00:06:29 server1 xinetd[10239]: START: smtp pid=21939 from=182.177.193.108
Jan 13 00:06:33 server1 xinetd[10239]: EXIT: smtp status=1 pid=21939 duration=4(sec)
Jan 13 04:53:48 server1 statistics: Unable to get dir size of /var/lib/mysql/test
Jan 13 04:53:48 server1 statistics: Unable to get database status for "test": Unknown database 'test'
Jan 13 13:38:41 server1 xinetd[10239]: START: smtp pid=21828 from=190.11.80.187
Jan 13 13:38:49 server1 xinetd[10239]: EXIT: smtp status=0 pid=21828 duration=8(sec)
Jan 13 15:47:04 server1 xinetd[10239]: START: smtp pid=16102 from=72.18.226.236
Jan 13 15:47:07 server1 xinetd[10239]: EXIT: smtp status=0 pid=16102 duration=3(sec)
Jan 13 15:47:44 server1 xinetd[10239]: START: ftp pid=18085 from=67.205.103.181
Jan 13 15:47:44 server1 proftpd[18085]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session opened.
Jan 13 15:47:44 server1 proftpd[18085]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session closed.
Jan 13 15:47:44 server1 xinetd[10239]: EXIT: ftp status=0 pid=18085 duration=0(sec)
Jan 13 15:47:44 server1 xinetd[10239]: START: ftp pid=18093 from=67.205.103.181
Jan 13 15:47:44 server1 proftpd[18093]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session opened.
Jan 13 15:47:44 server1 proftpd[18093]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session closed.
Jan 13 15:47:44 server1 xinetd[10239]: EXIT: ftp status=0 pid=18093 duration=0(sec)
Jan 13 17:55:59 server1 xinetd[10239]: START: smtp pid=21697 from=127.0.0.1
Jan 13 17:55:59 server1 xinetd[10239]: EXIT: smtp status=0 pid=21697 duration=0(sec)
Jan 13 19:58:20 server1 xinetd[10239]: START: smtp pid=9543 from=127.0.0.1
Jan 13 19:58:20 server1 xinetd[10239]: EXIT: smtp status=0 pid=9543 duration=0(sec)
Jan 14 04:53:55 server1 statistics: Unable to get dir size of /var/lib/mysql/test
Jan 14 04:53:55 server1 statistics: Unable to get database status for "test": Unknown database 'test'
Jan 14 05:08:29 server1 xinetd[10239]: START: ftp pid=3482 from=208.98.22.226
Jan 14 05:08:29 server1 proftpd[3482]: 207.55.244.72 (208.98.22.226[208.98.22.226]) - FTP session opened.
Jan 14 05:08:30 server1 xinetd[10239]: EXIT: ftp status=0 pid=3482 duration=1(sec)
Jan 14 05:08:30 server1 xinetd[10239]: START: ftp pid=3486 from=208.98.22.226
Jan 14 05:08:30 server1 proftpd[3486]: 207.55.244.72 (208.98.22.226[208.98.22.226]) - FTP session opened.
Jan 14 05:08:30 server1 xinetd[10239]: EXIT: ftp status=0 pid=3486 duration=0(sec)
Jan 14 05:08:30 server1 xinetd[10239]: START: ftp pid=3488 from=208.98.22.226

We don't use FTP for anything. Only ssh. What should I do? Do I risk breaking Plesk and the non-technical users who access it are just SOL (my ideal), or is there another way to kill these access attempts?

Fred
  • 143
  • 1
  • 8

1 Answers1

0

The easiest way would be just to edit the firewall rules in your server on /etc/sysconfig/iptables and close access to ports 20 and 21 to your external IP, this won't break plesk and you'll stop seeing those pesky attempts.

lynxman
  • 9,397
  • 3
  • 25
  • 28