> From: "HoTShoT" <@>
>
> I got a weird message in the logs while setting up a new server: Please note
> I DID NOT remove the username it appears to be blank in the log files:
Please note that this message appears in the System Event Log, not in the
regular FTP log. Being specific about where you see an error message helps
us track down what might cause it.
> User at host 83.135.75.9 has timed-out after 120 seconds of inactivity.
This happens if a timeout occurs before a user has logged on. You can
reproduce this by opening up a command session, and running the command
"telnet myftp.example.com 21". This will bring up the regular FTP greeting
message, and if you don't then enter any further commands, your session
will eventually be timed out, creating the error you see above. You
haven't provided a user name and you haven't authenticated that you are
that user by entering the password, so there is no user name to log.
> Also the IP is registered to:
>
> OrgName: RIPE Network Coordination Centre
> OrgID: RIPE
> Address: Singel 258
> Address: 1016 AB
> City: Amsterdam
> StateProv:
> PostalCode:
> Country: NL
The 'whois' database is distributed. All you have found is that this
particular 'whois' entry is controlled by an agency other than the one you
are querying. Running a 'whois' query against the RIPE 'whois' server may
give you more information.
> Is this some sort of hack or something? Anonymous access is disabled and all
> security patches have been applied.
This is not a conclusive sign of a hack. It is a valid entry indicating that
someone connected to your FTP server, but was timed out before they entered
any commands. It could be a sign of a network scan, or it could just mean
that someone tried to log on, but was disconnected from their Internet
connection at an awkward moment.
Alun.
~~~~
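
An added example, not part of the original reply: a small triage script that counts timeout entries with no user name per source host, to help tell a single dropped connection from the repeated pre-login connects a scan would leave. The form of the message when a user name is present, the threshold, and every sample line except the one quoted in the post are assumptions.

```python
import re
from collections import Counter

# Message shape taken from the event quoted in the post. The variant with a
# user name present ("User NAME at host ...") is an assumption.
TIMEOUT_RE = re.compile(
    r"User (?:(?P<user>\S+) )?\s*at host (?P<host>\d{1,3}(?:\.\d{1,3}){3}) "
    r"has timed-out after (?P<secs>\d+) seconds of inactivity"
)

# First line is the event from the post; the rest are constructed samples
# using documentation address ranges.
SAMPLE = [
    "User at host 83.135.75.9 has timed-out after 120 seconds of inactivity.",
    "User at host 192.0.2.44 has timed-out after 120 seconds of inactivity.",
    "User at host 192.0.2.44 has timed-out after 120 seconds of inactivity.",
    "User alice at host 198.51.100.7 has timed-out after 120 seconds of inactivity.",
    "User at host 192.0.2.44 has timed-out after 120 seconds of inactivity.",
    "The FTP service started successfully.",
]


def preauth_timeouts(lines):
    """Count timeouts that carry no user name (session never logged on), per host."""
    counts = Counter()
    for line in lines:
        m = TIMEOUT_RE.search(line)
        if m and not m.group("user"):
            counts[m.group("host")] += 1
    return counts


def triage(lines, threshold=3):
    """Return hosts with at least `threshold` pre-login timeouts.

    The threshold is an arbitrary starting point, not a recommended value.
    """
    return {h: n for h, n in preauth_timeouts(lines).items() if n >= threshold}


if __name__ == "__main__":
    for host, n in preauth_timeouts(SAMPLE).most_common():
        flag = "repeated" if host in triage(SAMPLE) else "single/occasional"
        print(f"{host}: {n} pre-login timeout(s) [{flag}]")
```
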