Author Topic: Understanding login attempts  (Read 2983 times)

0 Members and 1 Guest are viewing this topic.

Offline
**
Understanding login attempts
« on: May 24, 2021, 02:37:25 PM »
In my nginx logs I see

Quote
May 24 09:31:50 hosting pure-ftpd[343599]: (?@140.143.237.55) [INFO] New connection from 140.143.237.55
May 24 09:31:52 hosting pure-ftpd[343582]: (?@140.143.237.55) [WARNING] Authentication failed for user [wwwroot]
May 24 09:31:52 hosting pure-ftpd[343582]: (?@140.143.237.55) [INFO] Logout.
May 24 09:31:56 hosting pure-ftpd[343624]: (?@140.143.237.55) [INFO] New connection from 140.143.237.55
May 24 09:31:57 hosting pure-ftpd[343599]: (?@140.143.237.55) [WARNING] Authentication failed for user [wwwroot]
May 24 09:31:57 hosting pure-ftpd[343599]: (?@140.143.237.55) [INFO] Logout.
May 24 09:32:02 hosting pure-ftpd[343624]: (?@140.143.237.55) [WARNING] Authentication failed for user [wwwroot]
May 24 09:32:02 hosting pure-ftpd[343624]: (?@140.143.237.55) [INFO] Logout.
May 24 09:32:02 hosting pure-ftpd[343644]: (?@140.143.237.55) [INFO] New connection from 140.143.237.55
May 24 09:32:08 hosting pure-ftpd[343657]: (?@140.143.237.55) [INFO] New connection from 140.143.237.55

I can see that this is a China based IP and no authorised login is expected from this IP.

What should I do? I have blocked the IP in firewwall. A

Anything else to be done? Should I be worried?

Offline
*****
Re: Understanding login attempts
« Reply #1 on: May 24, 2021, 06:54:31 PM »
change ftp port.