FTP is Online

For discussion of the IRIX OS and the software ecosystem surrounding it, including troubleshooting.
User avatar
jan-jaap
Posts: 73
Joined: Fri Jun 01, 2018 5:11 pm
Location: Netherlands
Contact:

Re: FTP is Online

Post by jan-jaap » Tue Jun 12, 2018 9:15 am

mrthinlysliced wrote:
Tue Jun 12, 2018 8:24 am
Just a suggestion, but pre-create a file with that name in incoming, zero size, owned by someone else, not writeable.
I could but two months from now it's going to be another name.

It's just a bot or infected system hammering away at every directory in the FTP server. I have thousands of lines like this in the logs:

Code: Select all

Tue Jun 12 12:00:56 2018 [pid 30577] [ftp] OK LOGIN: Client "163.22.83.32", anon password "test"
Tue Jun 12 12:00:58 2018 [pid 30579] [ftp] FAIL UPLOAD: Client "163.22.83.32", "/mirrors/ftp.sgi.com/support/Patches/public/globe/5.3/3386/Photo.scr", 0.00Kbyte/sec
Tue Jun 12 12:00:59 2018 [pid 30581] CONNECT: Client "163.22.83.32"
Tue Jun 12 12:00:59 2018 [pid 30580] [ftp] OK LOGIN: Client "163.22.83.32", anon password "test"
Tue Jun 12 12:01:02 2018 [pid 30582] [ftp] FAIL UPLOAD: Client "163.22.83.32", "/mirrors/ftp.sgi.com/support/Patches/public/globe/5.3/3463/Photo.scr", 0.00Kbyte/sec
Tue Jun 12 12:01:02 2018 [pid 30584] CONNECT: Client "163.22.83.32"
Tue Jun 12 12:01:03 2018 [pid 30583] [ftp] OK LOGIN: Client "163.22.83.32", anon password "test"
Tue Jun 12 12:01:06 2018 [pid 30585] [ftp] FAIL UPLOAD: Client "163.22.83.32", "/mirrors/ftp.sgi.com/support/Patches/public/globe/5.3/3510/Photo.scr", 0.00Kbyte/sec
Tue Jun 12 12:01:06 2018 [pid 30587] CONNECT: Client "163.22.83.32"
Tue Jun 12 12:01:07 2018 [pid 30586] [ftp] OK LOGIN: Client "163.22.83.32", anon password "test"
Tue Jun 12 12:01:09 2018 [pid 30588] [ftp] FAIL UPLOAD: Client "163.22.83.32", "/mirrors/ftp.sgi.com/support/Patches/public/globe/5.3/3526/Photo.scr", 0.00Kbyte/sec
Tue Jun 12 12:01:10 2018 [pid 30590] CONNECT: Client "163.22.83.32"
Tue Jun 12 12:01:10 2018 [pid 30589] [ftp] OK LOGIN: Client "163.22.83.32", anon password "test"
Tue Jun 12 12:01:13 2018 [pid 30591] [ftp] FAIL UPLOAD: Client "163.22.83.32", "/mirrors/ftp.sgi.com/support/Patches/public/globe/5.3/3565/Photo.scr", 0.00Kbyte/sec
Tue Jun 12 12:01:14 2018 [pid 30593] CONNECT: Client "163.22.83.32"
Tue Jun 12 12:01:14 2018 [pid 30592] [ftp] OK LOGIN: Client "163.22.83.32", anon password "test"
Tue Jun 12 12:01:17 2018 [pid 30594] [ftp] FAIL UPLOAD: Client "163.22.83.32", "/mirrors/ftp.sgi.com/support/Patches/public/globe/5.3/358/Photo.scr", 0.00Kbyte/sec
Tue Jun 12 12:01:18 2018 [pid 30596] CONNECT: Client "163.22.83.32"

User avatar
jan-jaap
Posts: 73
Joined: Fri Jun 01, 2018 5:11 pm
Location: Netherlands
Contact:

Re: FTP is Online

Post by jan-jaap » Tue Jun 12, 2018 9:20 am

Oh, this is another reason to make sure you've got no directories both readable and writable:

Code: Select all

Mon Jun 11 12:49:45 2018 [pid 21930] [ftp] OK DOWNLOAD: Client "157.42.97.174", "/mirrors/ftp.mrynet.com/operatingsystems/SGI/f77to90/c13.html", 2615 bytes, 11.91Kbyte/sec
Mon Jun 11 12:49:45 2018 [pid 21930] [ftp] FAIL UPLOAD: Client "157.42.97.174", "/mirrors/ftp.mrynet.com/operatingsystems/SGI/f77to90/c13.html", 0.00Kbyte/sec
Mon Jun 11 12:49:47 2018 [pid 21930] [ftp] FAIL DOWNLOAD: Client "157.42.97.174", "/mirrors/ftp.mrynet.com/operatingsystems/SGI/f77to90/Photo.scr", 0.00Kbyte/sec
Mon Jun 11 12:49:48 2018 [pid 21930] [ftp] OK DOWNLOAD: Client "157.42.97.174", "/mirrors/ftp.mrynet.com/operatingsystems/SGI/f77to90/c14.html", 4551 bytes, 18.78Kbyte/sec
Mon Jun 11 12:49:49 2018 [pid 21930] [ftp] FAIL UPLOAD: Client "157.42.97.174", "/mirrors/ftp.mrynet.com/operatingsystems/SGI/f77to90/c14.html", 0.00Kbyte/sec
Mon Jun 11 12:49:50 2018 [pid 21930] [ftp] FAIL DOWNLOAD: Client "157.42.97.174", "/mirrors/ftp.mrynet.com/operatingsystems/SGI/f77to90/Photo.scr", 0.00Kbyte/sec
(rinse and repeat many many many times)

I'll leave the interpretation as an exercise to the reader ;)

mrthinlysliced
Posts: 41
Joined: Mon May 14, 2018 9:21 am
Location: Colchester. UK

Re: FTP is Online

Post by mrthinlysliced » Tue Jun 12, 2018 9:23 am

FWIW I know it's never easy to deal with these automated trouble makers. I run fail2ban on my server to iptables them out of the way after a couple of strikes. Might be worth looking into.

User avatar
Raion-Fox
Founder
Posts: 194
Joined: Fri Nov 17, 2017 12:23 am
Location: Virginia
Contact:

Re: FTP is Online

Post by Raion-Fox » Tue Jun 12, 2018 12:54 pm

Guys it was just a mistake because one of our directories other than incoming was writable.

Fail2ban isn't gonna work for anonymous ftp
I'm the manager

Besides irix.cc, I run these sites:

projectkitsune.com

kazuo.io

User avatar
Raion-Fox
Founder
Posts: 194
Joined: Fri Nov 17, 2017 12:23 am
Location: Virginia
Contact:

Re: FTP is Online

Post by Raion-Fox » Tue Jul 31, 2018 4:54 pm

FTP server has been updated, 6.5.30 images have been added, and most of the submissions have been processed. We've also updated the rules and will be strictly enforcing these:

tar files should be relatively pathed, not with absolute pathing. No leading path names. Tar your files in the directory above them.

No .zip,.rar or any other banned formats.

No submissions full of MacOS resource forks.
I'm the manager

Besides irix.cc, I run these sites:

projectkitsune.com

kazuo.io

Post Reply