ProFTPD: what happened?

ekaja

ftp 37637 5.6 0.0 6816 2108 ?? R 9:00AM 1:21.50 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:54430) (proftpd)
ftp 37662 5.6 0.0 6816 2120 ?? R 9:00AM 1:21.76 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:40954) (proftpd)
ftp 37529 5.5 0.0 6816 2108 ?? R 9:00AM 1:25.20 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:47098) (proftpd)
ftp 37588 5.5 0.0 6816 2108 ?? R 9:00AM 1:25.36 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:54722) (proftpd)
ftp 37631 5.5 0.0 6816 2108 ?? R 9:00AM 1:23.39 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:58628) (proftpd)
ftp 37690 5.5 0.0 6816 2140 ?? R 9:00AM 1:21.70 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:47553) (proftpd)
ftp 37705 5.5 0.0 6816 2156 ?? R 9:00AM 1:22.78 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:52016) (proftpd)
ftp 37517 5.4 0.0 6816 2108 ?? R 9:00AM 1:26.39 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:46315) (proftpd)
ftp 37536 5.4 0.0 6816 2108 ?? R 9:00AM 1:26.04 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:47497) (proftpd)
ftp 37562 5.4 0.0 6816 2108 ?? R 9:00AM 1:25.76 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:47940) (proftpd)
ftp 37640 5.4 0.0 6816 2108 ?? R 9:00AM 1:23.63 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:59552) (proftpd)
ftp 37648 5.4 0.0 6816 2108 ?? R 9:00AM 1:23.76 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:60854) (proftpd)
ftp 37677 5.4 0.0 6816 2132 ?? R 9:00AM 1:23.41 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:43952) (proftpd)
ftp 37680 5.4 0.0 6816 2136 ?? R 9:00AM 1:22.72 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:45041) (proftpd)
ftp 37688 5.4 0.0 6816 2140 ?? R 9:00AM 1:23.56 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:47157) (proftpd)
ftp 37698 5.4 0.0 6816 2148 ?? R 9:00AM 1:22.97 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:50207) (proftpd)
ftp 37447 5.3 0.0 6816 2108 ?? R 9:00AM 1:27.75 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:42325) (proftpd)
ftp 37538 5.3 0.0 6816 2108 ?? R 9:00AM 1:26.84 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:45449) (proftpd)
ftp 37620 5.3 0.0 6816 2108 ?? R 9:00AM 1:22.50 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:59400) (proftpd)
ftp 37553 5.2 0.0 6816 2108 ?? R 9:00AM 1:25.29 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:47068) (proftpd)
ftp 37632 5.1 0.0 6816 2108 ?? R 9:00AM 1:23.66 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:53943) (proftpd)
ftp 37671 5.1 0.0 6816 2128 ?? R 9:00AM 1:22.15 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:41916) (proftpd)
ftp 37452 5.0 0.0 6816 2108 ?? R 9:00AM 1:29.12 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:44879) (proftpd)
ftp 37473 5.0 0.0 6816 2108 ?? R 9:00AM 1:27.30 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:42728) (proftpd)
ftp 37695 5.0 0.0 6816 2148 ?? R 9:00AM 1:21.87 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:48608) (proftpd)
ftp 37691 4.9 0.0 6816 2144 ?? R 9:00AM 1:20.98 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:47602) (proftpd)
ftp 37567 4.7 0.0 6816 2108 ?? R 9:00AM 1:24.28 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:48862) (proftpd)
ftp 37643 4.7 0.0 6816 2108 ?? R 9:00AM 1:24.62 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:55172) (proftpd)
ftp 37630 4.6 0.0 6816 2108 ?? R 9:00AM 1:22.76 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:58159) (proftpd)
ftp 37653 4.6 0.0 6816 2112 ?? R 9:00AM 1:23.80 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:33635) (proftpd)
ftp 37659 4.6 0.0 6816 2120 ?? R 9:00AM 1:24.24 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:40130) (proftpd)
ftp 37672 4.6 0.0 6816 2128 ?? R 9:00AM 1:22.01 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:42315) (proftpd)
ftp 37563 4.5 0.0 6816 2108 ?? R 9:00AM 1:24.01 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:48440) (proftpd)
ftp 37664 4.5 0.0 6816 2124 ?? R 9:00AM 1:23.42 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:41436) (proftpd)
ftp 37699 4.4 0.0 6816 2152 ?? R 9:00AM 1:21.83 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:50352) (proftpd)
ftp 37574 4.3 0.0 6816 2108 ?? R 9:00AM 1:24.14 proftpd: connected: ::ffff:66.36.241.192 (::ffff:66.36.241.192:49711) (proftpd)
ftp 37666 4.3 0.0 6816 2124 ?? R 9:00AM 1:24.52 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:41848) (proftpd)
ftp 37703 4.2 0.0 6816 2152 ?? R 9:00AM 1:23.44 proftpd: connected: ::ffff:173.201.26.61 (::ffff:173.201.26.61:51445) (proftpd)
ftp 6157 0.0 0.0 6816 2136 ?? Ss 9:50PM 0:00.20 proftpd: (accepting connections) (proftpd)
ekaja 39320 0.0 0.0 6816 2252 ?? S 9:23AM 0:00.01 proftpd: ekaja - ::ffff:58.11.35.49: IDLE (proftpd)

ekaja is a normal login.
I checked "/var/log/proftpd" and did not find these IPs (e.g. 173.201.26.61).
These processes can't be shut down from DirectAdmin,
and can't be shut down via "killall -u ftp".

I can use this script to kill all the processes:
Code:
kill -9 `ps -aux | grep proftpd | grep -v grep | awk '{print $2}'`

What are these processes?
What happened?


ProFTPD 1.3.2
FreeBSD 6.2

Thank you.
 
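An added example, not part of the original post: a small triage helper that groups the `proftpd: connected:` processes from a `ps` listing by remote address and reports the sources holding more than a chosen number of them. It assumes, from the listing above, that a logged-in session shows `user - address: STATE` while the stuck ones show `connected:`; the function names, the threshold and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: group proftpd sessions stuck in the "connected:" state
# by remote address, reading `ps` output on stdin.

# Print "<count> <address>" for every source, highest count first.
preauth_by_ip() {
    awk '
        {
            i = index($0, "proftpd: connected: ")
            if (i == 0) next              # listener or logged-in session
            split(substr($0, i + 20), f, " ")
            ip = f[1]
            sub(/^::ffff:/, "", ip)       # IPv4-mapped IPv6 to plain IPv4
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print only the addresses holding more than $1 such sessions.
noisy_sources() {
    preauth_by_ip | awk -v max="$1" '$1 > max { print $2 }'
}

# Constructed sample in the same layout as the listing above;
# addresses are documentation ranges, not taken from the thread.
sample_ps() {
    cat <<'EOF'
ftp 101 5.6 0.0 6816 2108 ?? R 9:00AM 1:21.50 proftpd: connected: ::ffff:192.0.2.10 (::ffff:192.0.2.10:54430) (proftpd)
ftp 102 5.5 0.0 6816 2108 ?? R 9:00AM 1:21.76 proftpd: connected: ::ffff:192.0.2.10 (::ffff:192.0.2.10:40954) (proftpd)
ftp 103 5.5 0.0 6816 2108 ?? R 9:00AM 1:25.20 proftpd: connected: ::ffff:198.51.100.7 (::ffff:198.51.100.7:47098) (proftpd)
ftp 104 5.4 0.0 6816 2108 ?? R 9:00AM 1:23.39 proftpd: connected: ::ffff:192.0.2.10 (::ffff:192.0.2.10:58628) (proftpd)
ftp 105 5.4 0.0 6816 2108 ?? R 9:00AM 1:25.36 proftpd: connected: ::ffff:198.51.100.7 (::ffff:198.51.100.7:54722) (proftpd)
ftp 106 5.3 0.0 6816 2140 ?? R 9:00AM 1:21.70 proftpd: connected: ::ffff:192.0.2.10 (::ffff:192.0.2.10:47553) (proftpd)
ftp 100 0.0 0.0 6816 2136 ?? Ss 9:50PM 0:00.20 proftpd: (accepting connections) (proftpd)
alice 107 0.0 0.0 6816 2252 ?? S 9:23AM 0:00.01 proftpd: alice - ::ffff:203.0.113.5: IDLE (proftpd)
EOF
}

# Live use on the host would be: ps -auxww | noisy_sources 10
sample_ps | preauth_by_ip
```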
Update your ProFTPD to the latest release available with the custombuild script.
 
Set to:

Code:
proftpd=yes

And save the file (/usr/local/directadmin/custombuild/options.conf)

Then do the following:
Code:
cd /usr/local/directadmin/custombuild
rm -rf versions.txt
./build update_versions
 
This script!!!

http://www.securityfocus.com/data/vulnerabilities/exploits/44562.pl

written by kingcope
usage:
proremote.pl <target ip/host> <your ip> <target type>

[0] FreeBSD 8.1 i386, ProFTPD 1.3.3a Server (binary)
[1] FreeBSD 8.0/7.3/7.2 i386, ProFTPD 1.3.2a/e/c Server (binary)
[2] Debian GNU/Linux 5.0, ProFTPD 1.3.2e Server (Plesk binary)
[3] Debian GNU/Linux 5.0, ProFTPD 1.3.3 Server (Plesk binary)
[4] Debian GNU/Linux 4.0, ProFTPD 1.3.2e Server (Plesk binary)
[5] Debian Linux Squeeze/sid, ProFTPD 1.3.3a Server (distro binary)
[6] SUSE Linux 9.3, ProFTPD 1.3.2e Server (Plesk binary)
[7] SUSE Linux 10.0/10.3, ProFTPD 1.3.2e Server (Plesk binary)
[8] SUSE Linux 10.2, ProFTPD 1.3.2e Server (Plesk binary)
[9] SUSE Linux 11.0, ProFTPD 1.3.2e Server (Plesk binary)
[10] SUSE Linux 11.1, ProFTPD 1.3.2e Server (Plesk binary)
[11] SUSE Linux SLES 10, ProFTPD 1.3.2e Server (Plesk binary)
[12] CentOS 5, ProFTPD 1.3.2e Server (Plesk binary)
 