Runaway ProFTP?

Ryan Coleman ryan.coleman at cwis.biz
Tue Dec 14 18:21:25 UTC 2010 

And it's fixed now... not sure what the deal was with portsnap but it finally worked. I appreciate all the help.

--
Ryan

On Dec 10, 2010, at 10:59 PM, Ryan Coleman wrote:

> I have not been able to get portsnap to work at all today.
> 
> 
> On Dec 10, 2010, at 10:53 PM, Grant Peel wrote:
> 
>> ----- Original Message ----- From: "Jerry Bell" <jerry at nrdx.com>
>> To: <freebsd-questions at freebsd.org>
>> Sent: Friday, December 10, 2010 4:47 PM
>> Subject: Re: Runaway ProFTP?
>> 
>> 
>>> I have been having this happen a few times per week for the past few weeks. I believe it is caused by someone attacking proftpd.  I noticed today that there is an updated version - 1.3.3c that fixes a vulnerability that they may have been trying to exploit.
>>> 
>>> When I looked at the process list, I would see around 20 proftpd's, each with a high amount of CPU used, and connected to a specific IP.  I'd firewall off those IPs and kill off proftpd/restart.  Knock on wood, I have not had that happen since upgrading to 1.3.3c, but that may just be because no one has tried again yet.
>>> 
>>> Jerry
>>> On 12/10/2010 4:39 PM, Ryan Coleman wrote:
>>>> Does anyone have any ideas?
>>>> 
>>>> On Dec 9, 2010, at 3:12 PM, Ryan Coleman wrote:
>>>> 
>>>>> Dear list,
>>>>> 
>>>>> Has anyone else had experience with ProFTP 1.3.3a running away with processes? I installed it about 2 months ago with a new server build and over the course of the last three weeks I've had to forcibly kill, wait and restart the service every one-to-three days and sucking up between 20% and 80% of my system resources.
>>>>> 
>>>>> I've attempted to change the logging in hopes to track down what is causing the problems but I have not been successful. Additionally it won't connect after a restart through Filezilla but using Terminal on my MBP it will connect in the CLI.
>>>>> 
>>>>> It's not the end of the world (for me) but it is for my staff when they have to upload large numbers of photos.
>>>>> 
>>>>> Thanks,
>>>>> Ryan
>>>>> 
>>>>> _______________________________________________
>>>>> freebsd-questions at freebsd.org mailing list
>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>>> _______________________________________________
>>>> freebsd-questions at freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>> 
>>> _______________________________________________
>>> freebsd-questions at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>> 
>> 
>> Indeed, this Proftpd 1.3.3a vulnerability is exactly what my post on upgrading a single port is all about. I can say for a fact that the botnets are trying to use the vulnerability and that you are quite correct that the CPU /  ZOMBIE processes are exploit related.
>> 
>> I just upgraded today and so far so good.
>> 
>> \FYI for anyone that is following my thread on updating one single port: I must have a somwhat busted installation. Using port upgrade failed ... sorry I did not remember to keep the output, but, I was able to download the source from proftpd.org and install it from scratch.
>> 
>> -Grant 
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list