Random Ip's trying to issue Server Commands.

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
Wubboflex
500 Command not understood
Posts: 3
Joined: 2021-01-01 21:54
Location: Netherlands

Random Ip's trying to issue Server Commands.

#1 Post by Wubboflex » 2021-01-01 22:07

Hi Filezilla Forum,
I'm quite new and a little unfimilliar with filezilla Server. But I want to make my server accessible through the internet. But I tried it and some random Ip's connected. These forums said that the connection attemps are quite harmless. And I do believe that. But I was going through my logs and one Ip tried to connect and tried to issue commands. What is happening and do I need to be concerned? (At least I think the blue letters mean that the unknown IP is trying to issue commands)

sincerely,
Wubboflex
This is a screenshot of the server interface where I saw the blue letters and freaked out a little bit.
This is a screenshot of the server interface where I saw the blue letters and freaked out a little bit.
Serverlog.PNG (178.3 KiB) Viewed 1085 times
Sincerely,
Wubboflex

User avatar
boco
Contributor
Posts: 25509
Joined: 2006-05-01 03:28
Location: Germany

Re: Random Ip's trying to issue Server Commands.

#2 Post by boco » 2021-01-02 08:20

Script kiddies searching for vulnerable servers. In this case, trying to hack into someone's SIP account to get free phone calls etc.

The commands issued don't make any sense for an FTP server, as you can see from the server responses. They are therefore no threat (incompatible protocol). But even if attackers issued FTP commands, they cannot do any harm unless they find a way in. Have nice strong account passwords not appearing in any dictionary, and they can keep trying until the heat death of the Universe occurs (or the metastable-to-stable vacuum shift, whatever is sooner :)).

However, one question, which is probably one cause for your issues - why are you listening on port 23? Port 23 is reserved for other protocols, the correct FTP port is 21 (+ port 990 for Implicit FTPS). If you want a non-default port, use one above 1025, like 2100.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Wubboflex
500 Command not understood
Posts: 3
Joined: 2021-01-01 21:54
Location: Netherlands

Re: Random Ip's trying to issue Server Commands.

#3 Post by Wubboflex » 2021-01-02 10:27

Hi Boco,
Thanks for the quick reply. When setting up the server I ran into some issues and I tried using different ports etc. It worked after a while and I think it wasn't the port isssue :) . So I am gonna change this soon. And It is good to know that their attempts are not something to be concerned about (in this case/sense).
One thing tho. Do kiddies and hackers on port 21 have a better chance on getting into the server instead of other ports (considering they have something to bypass the login)?

sincerely,
Wubboflex
Sincerely,
Wubboflex

User avatar
boco
Contributor
Posts: 25509
Joined: 2006-05-01 03:28
Location: Germany

Re: Random Ip's trying to issue Server Commands.

#4 Post by boco » 2021-01-02 15:33

Nope. Listening port doesn't influence server security.

The only thing that speaks for using a custom port is that you will encounter random access from strangers much less, probably never. The reason is that vulnerability scanners in most cases only scan the default ports for potentially vulnerable protocols (scanning everything is simply not feasible with limited resources).
There is just a little inconvenience, you need to remember and enter the custom port upon making a connection.

Port 23 is reserved for Telnet.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Wubboflex
500 Command not understood
Posts: 3
Joined: 2021-01-01 21:54
Location: Netherlands

Re: Random Ip's trying to issue Server Commands.

#5 Post by Wubboflex » 2021-01-02 15:39

Boco,
Thank you for all the help and helping me to understand this service better. My question is answered,

sincerely,
Wubboflex
Sincerely,
Wubboflex

Post Reply