[Erlug] Vsftpd gone haywire, now accepts connections only locally

To: ERlug - Lista Pubblica <erlug@xxxxxxxxxxxxxx>
Subject: [Erlug] Vsftpd gone haywire, now accepts connections only locally
From: Piccinini Luca <swipon@xxxxxxxx>
Date: Fri, 12 Dec 2008 12:32:27 +0100
Hi everyone, I have a fairly serious problem.

I have a server in Milan running "redhat el5" in colocation, and I use it as a web and FTP server.
The vsftp configuration is basic, I only added chroot_local_user=YES. I have used it for 2 years without problems, but now all of a sudden it works only locally.
From the logs I noticed that it could have been an "attack":

Wed Nov 19 16:31:24 2008 1 89.97.35.72 15692 /joomla-virtuemart/extra/controllo_PIVA_CF_v7.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:31:24 2008 1 89.97.35.72 8601 /joomla-virtuemart/extra/com_vmsyndicate.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:31:30 2008 21 89.97.35.72 681123 /joomla-virtuemart/extra/jce_118_FULL_ITA_unzipme.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:31:34 2008 4 89.97.35.72 80436 /joomla-virtuemart/extra/com_mysms-0.9.4.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:32:45 2008 81 89.97.35.72 2115807 /joomla-virtuemart/extra/com_roundcube-V1.1.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:33:28 2008 114 89.97.35.72 4483568 /joomla-virtuemart/extra/com_joomMyAdmin1x_2_11_9_2.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:33:43 2008 58 89.97.35.72 1408428 /joomla-virtuemart/extra/com_agora_Forum_J10X.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:33:46 2008 18 89.97.35.72 743965 /joomla-virtuemart/extra/backup-extract-0.1.exe b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:11 2008 24 89.97.35.72 402578 /joomla-virtuemart/extra/blog/mojoblog-0.16-FULL.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:11 2008 1 89.97.35.72 1878 /joomla-virtuemart/extra/mailinglist/searchbot_letterman_1.2.3.tar.gz b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:12 2008 1 89.97.35.72 3071 /joomla-virtuemart/extra/mailinglist/mod_letterman_1_2_5.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:18 2008 6 89.97.35.72 127099 /joomla-virtuemart/extra/mailinglist/com_letterman_1_2_4_RC1.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:23 2008 4 89.97.35.72 39119 /joomla-virtuemart/extra/mappe/com_sefservicemap.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:24 2008 1 89.97.35.72 3865 /joomla-virtuemart/extra/mappe/mambot plugins for Joomla 1.0.x e virtuemart 1.0.x/com_weblinks_bot.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:24 2008 1 89.97.35.72 5806 /joomla-virtuemart/extra/mappe/mambot plugins for Joomla 1.0.x e virtuemart 1.0.x/com_virtuemart_bot_104.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:24 2008 1 89.97.35.72 4993 /joomla-virtuemart/extra/mappe/mambot plugins for Joomla 1.0.x e virtuemart 1.0.x/com_newsfeeds_bot.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:24 2008 1 89.97.35.72 4342 /joomla-virtuemart/extra/mappe/mambot plugins for Joomla 1.0.x e virtuemart 1.0.x/com_imagelinks_bot.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:25 2008 1 89.97.35.72 4844 /joomla-virtuemart/extra/mappe/mambot plugins for Joomla 1.0.x e virtuemart 1.0.x/com_content_bot.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:25 2008 1 89.97.35.72 5425 /joomla-virtuemart/extra/mappe/mambot plugins for Joomla 1.0.x e virtuemart 1.0.x/com_contact_bot.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:26 2008 1 89.97.35.72 4196 /joomla-virtuemart/extra/mappe/mambot plugins for Joomla 1.0.x e virtuemart 1.0.x/com_bookmarks_bot.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:27 2008 1 89.97.35.72 2956 /joomla-virtuemart/extra/recaptcha/mod_recaptachalogin_1.0.13.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:29 2008 2 89.97.35.72 14600 /joomla-virtuemart/extra/recaptcha/com_recaptcha_1.0.13.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:40 2008 11 89.97.35.72 284577 /joomla-virtuemart/extra/template/netsy.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:41 2008 58 89.97.35.72 2653971 /joomla-virtuemart/extra/JoomlaPack_1.2.2_backup-unzipme.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:42 2008 1 89.97.35.72 57839 /joomla-virtuemart/extra/template/modxorange.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:44 2008 2 89.97.35.72 59683 /joomla-virtuemart/extra/template/modx.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:47 2008 5 89.97.35.72 83519 /joomla-virtuemart/extra/template/greymix.rar b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:48 2008 1 89.97.35.72 0 /joomla-virtuemart/extra/template/7srl.zip b _ o a anon@localhost ftp 0 * i
Wed Nov 19 16:34:48 2008 1 89.97.35.72 6137 /joomla-virtuemart/extra/traduzioni/com.jfcei.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:48 2008 3 89.97.35.72 106667 /joomla-virtuemart/extra/template/fd_narcotix.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:56 2008 8 89.97.35.72 208189 /joomla-virtuemart/extra/traduzioni/Joom!Fish1.7b.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:56 2008 1 89.97.35.72 3180 /joomla-virtuemart/extra/wiki/wiki_searchbot_0.9.7.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:56 2008 8 89.97.35.72 420981 /joomla-virtuemart/extra/url rewriter/com_sh404SEF_1.3.8_build_337.joomla1.0.x.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:56 2008 1 89.97.35.72 1770 /joomla-virtuemart/extra/wiki/wiki_bot.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:57 2008 1 89.97.35.72 2495 /joomla-virtuemart/extra/wiki/mod_wikigotopage.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:57 2008 1 89.97.35.72 3849 /joomla-virtuemart/extra/wiki/mod_wikilatest-0.9.7.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:57 2008 1 89.97.35.72 2774 /joomla-virtuemart/extra/xmap/xmap_com_zoom-1.0.0.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:34:57 2008 1 89.97.35.72 2785 /joomla-virtuemart/extra/xmap/xmap_com_virtuemart-1.0.0.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:35:02 2008 4 89.97.35.72 4762 /joomla-virtuemart/extra/xmap/xmap_com_content-1.0.1.zip b _ o a anon@localhost ftp 0 * c
Wed Nov 19 16:35:06 2008 4 89.97.35.72 136092 /joomla-virtuemart/extra/xmap/com_xmap-1.1.zip b _ o a anon@localhost ftp 0 * c

The conf looks OK:
I have already checked iptables:

[root@systemweb ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere     

I checked via telnet:

piccinini@turboX:~$ telnet 7reggioemilia.com 21
Trying 195.250.34.113...
Connected to 7reggioemilia.com.
Escape character is '^]'.
220 (vsFTPd 2.0.5)

but it does not connect and stays hung, as shown below:

piccinini@turboX:~$ lftp 7reggioemilia.com
lftp 7reggioemilia.com:~> ls
`ls' at 0 [Creo la connessione dati...]


whereas locally:
[root@systemweb ~]# lftp 7reggioemilia.com
lftp 7reggioemilia.com:~> ls
-rw-r--r--    1 0        0        22273040 Oct 14 15:44 AdbeRdr80_it_IT.exe
-rw-r--r--    1 0        0          411856 Sep 10  2007 HylaFAXSender-1.0.dmg
-rw-r--r--    1 0        0         1956040 Oct 14 15:47 PPVIEWER.EXE
-rw-r--r--    1 0        0        22404904 Oct 01 10:04 SkypeSetup.exe
-rw-r--r--    1 0        0         1360669 Mar 21  2008 WinprintHylaFAX-1.2.9.exe
-rw-r--r--    1 0        0         2955128 Oct 27 11:26 ccsetup213.exe
-rw-r--r--    1 0        0         3169808 Oct 15 13:29 cdbxp_setup_4.2.2.1012.exe
drw-r--r--    4 0        0            4096 Nov 07 09:59 joomla-virtuemart
-rw-r--r--    1 0        0        11383714 Oct 14 15:46 ndntitad.exe
-rw-r--r--    1 0        0        10940529 Oct 14 15:45 ndntitst.exe
-rw-r--r--    1 0        0         1119521 Oct 16  2006 openvpn-2.0.9-gui-1.0.3-install.exe
drwxr-xr-x    2 0        0            4096 Jan 17  2007 pub
-rw-r--r--    1 0        0          743469 Oct 14 15:43 vnc-4.0-x86_win32.exe


My static work IP is already listed in hosts.allow with:
ALL: IL.MIO.IP.PUBLIC: ALLOW

I tried both removing and reinstalling the package and running it standalone or under xinetd, but with the same result.
Please help me, I am in quite a crisis.

Bye everyone
Swipon

Attachment: signature.asc
Description: This is a digitally signed part of the message
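
Added example, not part of the original message: a parser for the xferlog-format lines quoted in the post. It handles file names that contain spaces and totals transfers by client, direction and access mode. The field meanings follow the standard xferlog(5) layout; the first three sample lines are copied from the post and the fourth is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# xferlog(5) layout: the fields before and after the filename are fixed, so
# anchoring the pattern on both ends lets the filename itself contain spaces.
XFERLOG = re.compile(
    r"^(?P<when>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (?P<secs>\d+) "
    r"(?P<host>\S+) (?P<size>\d+) (?P<path>.+) (?P<type>[ab]) (?P<flag>\S+) "
    r"(?P<direction>[oid]) (?P<access>[agr]) (?P<user>\S+) (?P<service>\S+) "
    r"(?P<auth>[01]) (?P<authuser>\S+) (?P<status>[ci])$"
)
DIRECTION = {"o": "download", "i": "upload", "d": "delete"}
ACCESS = {"a": "anonymous", "g": "guest", "r": "real-user"}

def parse_line(line):
    """Return one xferlog record as a dict, or None if the line does not match."""
    m = XFERLOG.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    stamp = " ".join(rec["when"].split())  # collapse padding before day-of-month
    rec["when"] = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
    rec["size"] = int(rec["size"])
    return rec

def summarize(lines):
    """Total files, bytes and incomplete transfers per (host, direction, access)."""
    out = defaultdict(lambda: {"files": 0, "bytes": 0, "incomplete": 0})
    for rec in filter(None, map(parse_line, lines)):
        key = (rec["host"], DIRECTION[rec["direction"]], ACCESS[rec["access"]])
        out[key]["files"] += 1
        out[key]["bytes"] += rec["size"]
        out[key]["incomplete"] += rec["status"] == "i"
    return dict(out)

SAMPLE = [
    # The first three lines are copied from the post.
    "Wed Nov 19 16:33:46 2008 18 89.97.35.72 743965 /joomla-virtuemart/extra/backup-extract-0.1.exe b _ o a anon@localhost ftp 0 * c",
    "Wed Nov 19 16:34:24 2008 1 89.97.35.72 3865 /joomla-virtuemart/extra/mappe/mambot plugins for Joomla 1.0.x e virtuemart 1.0.x/com_weblinks_bot.zip b _ o a anon@localhost ftp 0 * c",
    "Wed Nov 19 16:34:48 2008 1 89.97.35.72 0 /joomla-virtuemart/extra/template/7srl.zip b _ o a anon@localhost ftp 0 * i",
    # Constructed line (not from the post): an upload by a local account.
    "Wed Nov 19 17:00:00 2008 2 192.0.2.10 1024 /pub/incoming/new file.txt b _ i r alice ftp 0 * c",
]

if __name__ == "__main__":
    for key, totals in summarize(SAMPLE).items():
        print(key, totals)
```

In this layout the direction field separates downloads (`o`) from uploads (`i`) and deletions (`d`), and the access field separates anonymous (`a`) sessions from guest (`g`) and local-account (`r`) ones.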
