Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Solved] An unwanted vsftpd connection

Featured Replies

My RC11 syslog shows this: (slightly modified)

 

Jan 30 13:34:42 JacoBack kernel: mdcmd (58): spindown 9
Jan 30 17:52:30 JacoBack kernel: mdcmd (59): spindown 9
Jan 30 18:05:12 JacoBack vsftpd[30573]: connect from 192.168.3.33 (192.168.3.33)
Jan 30 18:54:56 JacoBack kernel: mdcmd (60): spindown 1
Jan 30 18:54:56 JacoBack kernel: mdcmd (61): spindown 3

 

That IP is my other computer, a Windows XP machine with no one on it at that time, and no evidence of an intrusion, and I don't think it has ever been used for FTP.  I've checked it rather thoroughly for malware, and found nothing significant.  I've seen a lot of syslogs and don't think I've ever seen an FTP connection line before.  I do understand Tom added vsftp capability to RC11.

 

So do I have a problem?  Any ideas from the FTP and Linux gurus?  Is this a real connection or just a probe?

 

Edit:  forgot to mention that I have never enabled or configured anything related to FTP on my UnRAID server.  I assume therefore there are no FTP services enabled?

A wild a$$ thought!  As I recall most browsers support ftp.  I wonder if you are using a browser on that machine to access your server and it is attempting to establish an ftp link...

  • Author

A wild a$$ thought!  As I recall most browsers support ftp.  I wonder if you are using a browser on that machine to access your server and it is attempting to establish an ftp link...

Good idea, but I wasn't using that machine, and no browser was running.  Thinking in terms of what might have been running that had communications or connectivity capabilities, if not FTP, I had a TightVNC server running (passworded) but no evidence of use, and I have Gbridge running, something I'm a little suspicious of, since they seem to have stopped development, but no malware tool finds anything amiss.  I don't think Secunia has any reports concerning it, and as far as I know it's locked down.  Router is a typical Verizon NAT router, with no port forwarding I know of (but should check again!).

 

Well, that got me checking and thinking, so I've come up with another suspect.  About 3 or 4 weeks ago, I installed a network monitoring tool called MyLanViewer, that not only scans and identifies all network devices, but makes it easy to remotely shut them down or hibernate them, then wake them up with WOL.  Subject to the vagaries of WOL, it works pretty well.  It also once in a while more thoroughly scans devices for their capabilities, so perhaps it probes for FTP servers?  I'll have to check this out.

  • Author

I finally got around to testing MyLanViewer and sure enough, it has a network device scanner that does include scanning for FTP resources.  It caused my UnRAID server to produce the same vsftpd line.  The syslog line therefore indicates a harmless probe, although still seems a bit confusing in that it indicated a connection.  The scanner did not actually find any FTP resources.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.