Resolved many ftp session opened and closed immediately

[fferraro87]

Hi,

i've some strange problem on my plesk server.
every x hours site hosted on my plesk (from my monitoring system) seems to going down, but it's not offline, only they redirect to a url like this "http://site.name/?adjriqwmasmgfdosfosdmasdasmdasngo"
and after one or two redirects on this type of url, finally they redirect to the right url.

So i've scanning my vm logs and on /var/log/messages i've many lines like these (everytime with different IPs) :

Sep 13 04:26:17 localhost xinetd[917]: START: ftp pid=13777 from=::ffff:91.200.12.53
Sep 13 04:26:17 localhost proftpd[13777]: processing configuration directory '/etc/proftpd.d'
Sep 13 04:26:17 localhost proftpd[13777]: 0.0.0.0 (91.200.12.53[91.200.12.53]) - FTP session opened.
Sep 13 04:26:22 localhost proftpd[13777]: 0.0.0.0 (91.200.12.53[91.200.12.53]) - FTP session closed.
Sep 13 04:26:22 localhost xinetd[917]: EXIT: ftp status=0 pid=13777 duration=5(sec)

So what does it mean? there are many IP that trying to connect to my plesk on FTP and plesk closed connections?

Thanks

 

[UFHH01]

Hi fferraro87,

there are many IP that trying to connect to my plesk on FTP and plesk closed connections?

Yes, they are trying to connect, but didn't authenticate. Nothing to worry about, but IF this happens too often on your server, pls. consider to use Fail2Ban to block them.

If you need to investigate the redirects, pls. consider to post corresponding logs from your (sub)domain - specific webserver log - files.

 

[fferraro87]

Thanks UFHH01