HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=15)
-   -   Website users? (http://www.howtoforge.com/forums/showthread.php?t=1709)

ctroyp 17th December 2005 06:25

Website users?
 
I have recently removed a user from one of the websites hosted within ISPConfig because I had a problem accessing Web-FTP for the said user. I was thinking that if I removed the user and re-created them, that it would clear the FTP problem. When I tried to re-create the user it would not allow me. States the following:
Code:

The user with the name web2_ctp does already exist.
Duplicate Email Address.
A user with administrator rights does already exist for this site.

I currently do not have any users created for this account. I also deleted the FTP directory in the users folder...

How can I clear this?

Thank you!

till 17th December 2005 09:40

Please have a look here:

http://www.howtoforge.com/forums/showthread.php?t=1472

ctroyp 17th December 2005 17:21

Quote:

Originally Posted by till

Thank you till! Worked like a charm. Now I need to check the access.

ctroyp 17th December 2005 20:00

I have sucessfully re-created the user. I still cannot access the FTP directory for this user within Web-FTP in ISPConfig. When I remove admin privileges from this user I can access everything fine. Is there a problem or can administrators not have FTP access through ISPConfig?

till 18th December 2005 14:00

There are no limits for WebFTP and amins in ISPConfig.

With an external FTP client the Admin FTP account is working? Did you get any errors when you try to login with web ftp?

ctroyp 18th December 2005 22:25

Quote:

Originally Posted by till
There are no limits for WebFTP and amins in ISPConfig.

Ok.

Quote:

Originally Posted by till
With an external FTP client the Admin FTP account is working? Did you get any errors when you try to login with web ftp?

Yes, FTP works on all accounts using an external client.

When trying to login with Web-FTP, I can login fine as long as the particular user does not have admin rights for the web (through ISPCondig). When I try logging in w/admin rights, it hangs for a couple seconds then ends my ISPConfig session. No errors that I can find...

falko 19th December 2005 11:25

Which FTP server do you use? Proftpd or Vsftpd?
Is there anything in the logs?

ctroyp 19th December 2005 17:14

Quote:

Originally Posted by falko
Which FTP server do you use? Proftpd or Vsftpd?
Is there anything in the logs?

Proftpd (Debian 3.1 Perfect Setup).

I found this in /var/log/daemon.log:

The first session [416] is from a non-admin user logging in to web-ftp successfully.

The second ftp session [449] is from my admin user logging in to web-ftp unsuccessfully. This is when it ends my ISPConfig session.

The third ftp session is from an unknown source. Someone trying to get in I guess. Starting with the [449] there were a total of 150+ attempts. Is this common?

Code:

Dec 19 09:30:18 server1 proftpd[416]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 09:30:18 server1 proftpd[416]: server1.strec.com (localhost.localdomain[127.0.0.1]) - mod_delay/0.4: delaying for 8 usecs
Dec 19 09:30:18 server1 proftpd[416]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 09:30:29 server1 proftpd[449]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 09:30:29 server1 proftpd[449]: server1.strec.com (localhost.localdomain[127.0.0.1]) - mod_delay/0.4: delaying for 1 usecs
Dec 19 09:30:29 server1 proftpd[449]: server1.strec.com (localhost.localdomain[127.0.0.1]) - mod_delay/0.4: delaying for 108 usecs
Dec 19 09:30:57 server1 proftpd[449]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 09:43:43 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - FTP session opened.
Dec 19 09:43:43 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - mod_delay/0.4: delaying for 78 usecs
Dec 19 09:43:43 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - no such user 'Administrator'
Dec 19 09:43:43 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - mod_delay/0.4: delaying for 5359 usecs
Dec 19 09:43:43 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - mod_delay/0.4: delaying for 173 usecs
Dec 19 09:43:44 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - no such user 'Administrator'
Dec 19 09:43:44 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - mod_delay/0.4: delaying for 5569 usecs
Dec 19 09:43:44 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - mod_delay/0.4: delaying for 171 usecs
Dec 19 09:43:44 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - no such user 'Administrator'
Dec 19 09:43:44 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - FTP session closed.

and on and on...

Also there are many entries where a session opens and closes (about every 30 minutes). Is this correct?
Code:

Dec 19 02:00:01 server1 proftpd[26864]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 02:00:01 server1 proftpd[26864]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 02:30:01 server1 proftpd[27254]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 02:30:01 server1 proftpd[27254]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 03:00:02 server1 proftpd[27650]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 03:00:02 server1 proftpd[27650]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 03:30:01 server1 proftpd[28036]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 03:30:01 server1 proftpd[28036]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 04:00:01 server1 proftpd[28419]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 04:00:02 server1 proftpd[28419]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 04:30:01 server1 proftpd[28875]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 04:30:01 server1 proftpd[28875]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 05:00:01 server1 proftpd[29253]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 05:00:01 server1 proftpd[29253]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 05:30:01 server1 proftpd[29632]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 05:30:01 server1 proftpd[29632]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 06:00:01 server1 proftpd[30009]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 06:00:01 server1 proftpd[30009]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 06:30:02 server1 proftpd[30512]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 06:30:02 server1 proftpd[30512]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 06:53:24 server1 proftpd[30805]: server1.strec.com (gate.frodos.fi[192.89.219.100]) - FTP session opened.
Dec 19 06:53:24 server1 proftpd[30805]: server1.strec.com (gate.frodos.fi[192.89.219.100]) - FTP session closed.
Dec 19 07:00:01 server1 proftpd[30891]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 07:00:01 server1 proftpd[30891]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 07:30:01 server1 proftpd[31270]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 07:30:01 server1 proftpd[31270]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 08:00:01 server1 proftpd[31647]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 08:00:01 server1 proftpd[31647]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 08:21:47 server1 proftpd[31927]: server1.strec.com (ACB1F122.ipt.aol.com[172.177.241.34]) - FTP session opened.
Dec 19 08:21:48 server1 proftpd[31927]: server1.strec.com (ACB1F122.ipt.aol.com[172.177.241.34]) - mod_delay/0.4: delaying for 85 usecs
Dec 19 08:21:48 server1 proftpd[31927]: server1.strec.com (ACB1F122.ipt.aol.com[172.177.241.34]) - no such user 'anonymous'
Dec 19 08:21:48 server1 proftpd[31927]: server1.strec.com (ACB1F122.ipt.aol.com[172.177.241.34]) - mod_delay/0.4: delaying for 6252 usecs
Dec 19 08:21:48 server1 proftpd[31927]: server1.strec.com (ACB1F122.ipt.aol.com[172.177.241.34]) - FTP session closed.
Dec 19 08:30:01 server1 proftpd[32033]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 08:30:01 server1 proftpd[32033]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 09:00:01 server1 proftpd[32417]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 09:00:01 server1 proftpd[32417]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.

Furthermore, here are the corresponding entries from the auth.log for the two login attempts from web-ftp. It looks like the admin account does login successfully, but gets booted shortly after:
Code:

Dec 19 09:30:18 server1 proftpd: (pam_unix) session opened for user web2_ctp by (uid=0)
Dec 19 09:30:18 server1 proftpd[416]: server1.strec.com (localhost.localdomain[127.0.0.1]) - USER web2_ctp: Login successful.
Dec 19 09:30:18 server1 proftpd: (pam_unix) session closed for user web2_ctp
Dec 19 09:30:29 server1 proftpd: (pam_unix) session opened for user web2_admin by (uid=0)
Dec 19 09:30:29 server1 proftpd[449]: server1.strec.com (localhost.localdomain[127.0.0.1]) - USER web2_admin: Login successful.
Dec 19 09:30:57 server1 proftpd: (pam_unix) session closed for user web2_admin
Dec 19 09:39:01 server1 CRON[577]: (pam_unix) session opened for user root by (uid=0)
Dec 19 09:39:01 server1 CRON[577]: (pam_unix) session closed for user root

I also found something interesting. Due to the fact that I kept getting hit with from the unknown user, I decided to stop the proftpd service. I did so and confirmed that the user attemts ceased. I then started up the service and got this error:
Code:


server1:~# /etc/init.d/proftpd start
Starting ProFTPD ftp daemon:  - warning: "ProFTPD" address/port (192.168.2.50:21) already in use by "Debian"
proftpd.


falko 19th December 2005 19:42

Please make sure you're using the right username for login:

Quote:

Dec 19 09:43:44 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - no such user 'Administrator'
Normally the usernames are something like web<id>_<name>, not Administrator or something like that.

ctroyp 19th December 2005 20:04

Quote:

Originally Posted by falko
Please make sure you're using the right username for login:


Normally the usernames are something like web<id>_<name>, not Administrator or something like that.

That is not me but someone else trying to get in--robot or something.

If you look at what I posted from the auth.log file, you will see that I am trying to using the appropriate usernames (web2_ctp and web2_admin).


All times are GMT +2. The time now is 16:16.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.