Issue Logwatch FTP question

Inuya5ha

Inuya5ha

New Pleskian
Hi, I'm getting tons of these items in the logwatch mail. My FTP accounts are working perfectly, and there is no file /etc/ftpusers, so how and why is this file being invoked by brute force login attemps? I want to get rid of this from the logwatch in the most appropriate manner.
Code: 
pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
pam_unix(proftpd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd3972 ruser=XXXX rhost=222.220.145.235  user=XXXX

In another forum, a user simply suggested to create an empty /etc/ftpusers file, is this the recommended way to fix this? Thanks.
 
In file /etc/pam.d/proftpd try to comment line

session include system-auth

So, it should be like:

# cat /etc/pam.d/proftpd
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
#session include system-auth
session required pam_loginuid.so

Then restart xinetd service.
 
You must log in or register to reply here.

Similar threads

W
Resolved FTP error not working
Replies
2
Views
1K
WilliamGm
W
G
Resolved Fail2ban plesk-dovecot does not ban bad logins
Replies
3
Views
619
GwenDragon
G
tkalfaoglu
Resolved How to stop all these audit messages?
Replies
1
Views
4K
tkalfaoglu
tkalfaoglu
Mike23
Resolved Server Error 500 Zend_Db_Adapter_Exception SQLSTATE[HY000] [2002] No such file or directory
Replies
1
Views
3K
Mike23
Mike23
A
Resolved Unable to start Apache
Replies
1
Views
2K
menderes
menderes
Back
Top