Advice/Help sought for log entries as a result of a connection attempt by an unknown actor
Moderator: Project members
-
- 500 Command not understood
- Posts: 3
- Joined: 2021-11-24 03:14
- First name: David
- Last name: Every
Advice/Help sought for log entries as a result of a connection attempt by an unknown actor
I have an unknown person/actor attempting to log into my FTP Server. The server does a handshake then sends my certificate, then the session finishes gracefully. The log is saving every step but i dont know how to interpret what is happening and whether its dangerous I.E. is the attacker actually getting useful information or not? I can post the log but it contains (i assume) personal info relating to my FTP server. Any pointers or advice would be most welcome. I would like to understand this more so i know how to respond in future.
Re: Advice/Help sought for log entries as a result of a connection attempt by an unknown actor
Then, that is not a login attempt, only a scan. A login attempt would be the client trying username and password combinations, which many do for user "Administrator".I have an unknown person/actor attempting to log into my FTP Server. The server does a handshake then sends my certificate, then the session finishes gracefully.
The client is getting (apart from the server URL, IP, port, and the fact that an FTP server is listening at that address, information they already have at that point) your certificate (which is public and sent to every client) as well the negotiated ciphersuites, KEX algorithms etc. No files and directories until they manage to log in. Looks like they are scanning for vulnerabilities or the like.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 3
- Joined: 2021-11-24 03:14
- First name: David
- Last name: Every
Re: Advice/Help sought for log entries as a result of a connection attempt by an unknown actor
ah i see, ok thanks that is very useful. I will ignore these and watch for user/pw attempts. I think the autoban function will come in handy on that front. I can't restrict IP ranges because the people that I DO want to access it change their IP's fairly regularly. Thanks heaps for the the advice.
Re: Advice/Help sought for log entries as a result of a connection attempt by an unknown actor
Usually they want to find running instances of MS' IIS FTP server. Guess why...
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org