What to do now.....

Hello I just noticed this email:

Code: 
The remote system 81.214.104.92 was found to have exceeded acceptable login failures on server01.*; there was 78 events to the service proftpd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.

Executed ban command:
/etc/apf/apf -d 81.214.104.92 {bfd.proftpd}

The following are event logs from 81.214.104.92 on service proftpd (all time stamps are GMT -0600):

Jan 12 17:27:08 server01 proftpd[32084]: cod2.* (81.214.104.92[81.214.104.92]) - USER spygen: no such user found from 81.214.104.92 [81.214.104.92] to 72.232.36.42:21 Jan 12 17:27:08 server01 proftpd[32087]: (repeats over and over and over)
- Thank you;
root@server01*
what do I do to make sure future things wont happen? Please help.

Thank you

 

 

 

 

Top