HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials - View Single Post - pureftpd

shr3k · #1 14th June 2012, 11:30

Hi all, have you anyone found also following similar strange records in your Debian-based system auth.log as well?:

Code:

Jun 14 08:17:41 swamp pure-ftpd: pam_unix(pure-ftpd:auth): check pass; user unknown
Jun 14 08:17:41 swamp pure-ftpd: pam_unix(pure-ftpd:auth): authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=skvpraha rhost=
Jun 14 08:17:41 swamp pure-ftpd: pam_unix(pure-ftpd:auth): check pass; user unknown
Jun 14 08:17:41 swamp pure-ftpd: pam_unix(pure-ftpd:auth): authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=skvpraha rhost=
Jun 14 08:17:54 swamp pure-ftpd: pam_unix(pure-ftpd:auth): check pass; user unknown
Jun 14 08:17:54 swamp pure-ftpd: pam_unix(pure-ftpd:auth): authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=skvprahaskvpraha rhost=
Jun 14 08:17:57 swamp pure-ftpd: pam_unix(pure-ftpd:auth): check pass; user unknown
Jun 14 08:17:57 swamp pure-ftpd: pam_unix(pure-ftpd:auth): authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=skvprahaskvpraha rhost=

I wonder how it is possible that pureftpd does not detect remote host. My fail2ban can't subsequently block it because is missing rhost...

And /etc/pure-ftpd/conf/DontResolve is set to yes of course.