So, I have a weird problem and I really don't even know where to begin figuring it out.
As anyone who has an open FTP server knows, getting random login attempts from random people is all part of the game. I've been running an FTP server for over 20 years, so this is nothing new to me.
What IS new to me, however, is deleting my old FTP Server and installing the FileZilla Server a few months back, and since then me being remotely accessed by.. myself.
Specifically, I am being reportedly being accessed by the 192.168... IP of my own computer. The very same computer that is running the server.
A couple of months back I was also being accessed by six difference IPv6 numbers, all of which I found as belonging to MY computer's network card when I did an ipconfig /all. I've since disabled IPv6 in my router (and bought a new, better, far more secure router) and no longer see any IPv6 login attempts.
I've done all the obvious bits like scanning for everything and nothing, but I really don't think I could have any sort of malware. Even if I did, however, whomever would be on the computer wouldn't need to try to log into the FTP on the same computer because they'd already be in it.. with full access to all the data on the server and considerably more.
These connections have all the hallmarks of regular random connection attempts. User: Admin, Pass: Admin. User: Admin, Pass: God and so forth, so it's not like I'm looking at some major brute-force thing.
The latest mind boggler is this brand new thing that this "person" tries to log on every morning, around the same time... roughly 9:40-9:50 in the morning.
Always the same 4 attempts, too:
4 attempts to log in as Admin. No more and no fewer. Several mornings in a row now??(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> USER admin
(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> 331 Password required for admin
(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> PASS *****
(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> 530 Login or password incorrect!
(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> USER admin
(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> 331 Password required for admin
(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> PASS
(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> 530 Login or password incorrect!
(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> USER Admin
(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> 331 Password required for admin
(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> PASS *****
(000056)16.3.2018 09:54:20 - (not logged in) (192.168...)> 530 Login or password incorrect!
(000056)16.3.2018 09:54:21 - (not logged in) (192.168...)> USER Admin
(000056)16.3.2018 09:54:21 - (not logged in) (192.168...)> 331 Password required for admin
(000056)16.3.2018 09:54:22 - (not logged in) (192.168...)> PASS
(000056)16.3.2018 09:54:22 - (not logged in) (192.168...)> 530 Login or password incorrect!
So, I come to you guys, hoping to get some clue for what could be going on. Help!
