adad
02-05-2002, 08:34 AM
Hi guys,
I'm getting lots of these entries in our servers log files.
Jan 27 07:45:00 www proftpd[31823]: www.mydomain.com (localhost[127.0.0.1]) - FTP session opened.
Jan 27 07:45:00 www proftpd[31823]: www.mydomain.com (localhost[127.0.0.1]) - no such user 'anonymous'
Jan 27 07:45:00 www proftpd[31823]: www.mydomain.com (localhost[127.0.0.1]) - no such user 'anonymous'
Jan 27 07:45:00 www proftpd[31823]: www.mydomain.com (localhost[127.0.0.1]) - FTP session closed.
What I don't get is why all those requests come from 127.0.0.1.
When it's from a certain IP I understand that's a hacker trying to exploit some backdoor as "anonymous".
Comments?
I'm getting lots of these entries in our servers log files.
Jan 27 07:45:00 www proftpd[31823]: www.mydomain.com (localhost[127.0.0.1]) - FTP session opened.
Jan 27 07:45:00 www proftpd[31823]: www.mydomain.com (localhost[127.0.0.1]) - no such user 'anonymous'
Jan 27 07:45:00 www proftpd[31823]: www.mydomain.com (localhost[127.0.0.1]) - no such user 'anonymous'
Jan 27 07:45:00 www proftpd[31823]: www.mydomain.com (localhost[127.0.0.1]) - FTP session closed.
What I don't get is why all those requests come from 127.0.0.1.
When it's from a certain IP I understand that's a hacker trying to exploit some backdoor as "anonymous".
Comments?