
Hacked? Or just being paranoid..

Posted: Mon Nov 27, 2006 8:12 am
by zlasher
Hi guys..

I woke up this morning to a noisy xbox.. :cry:

It was running at 100% cpu..

As I connected to it, I noticed nothing "really bad" happening.. There was a whole bunch of sshd instances - but no one else but me was connected. I checked the syslog - and the only thing that has happened is some fool connecting to my ftp (proftpd) just before midnight..

Nov 26 23:57:44 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session opened.
Nov 26 23:57:47 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session closed.

After that there isn't anything more in my syslog until I rebooted the server at 0800.

I've stopped proftpd, and changed the root password, but the strange thing is that it seems (at least in mrtg) that the high CPU started just before I got up (and checked the box). (http://xboxlinux.mine.nu/mrtg) (the high CPU and network traffic last night is MY "fault").

I'm running a virus scan as we speak, but as the server is still running Pro 3.0, I'm going to upgrade instead of all this worrying..

Thank god all my data is located elsewhere :lol:

Anyone ever seen anything like this? - Anything to worry about (when reinstalling)..?

Steinar T

Posted: Sun Dec 03, 2006 4:50 pm
by ShALLaX
Those entries in syslog could be the result of someone portscanning you.
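
One way to check the port-scan explanation against the log, as an added example that is not part of the original thread: it pairs proftpd "session opened" and "session closed" lines by PID and reports sessions that closed within a few seconds without any USER line in between. The 10-second threshold, the `year` argument, and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Sample syslog: the first two lines are from the post; the rest are constructed.
SAMPLE = """\
Nov 26 23:57:44 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session opened.
Nov 26 23:57:47 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session closed.
Nov 27 09:10:02 xbox proftpd[5120]: xbox (192.0.2.10[192.0.2.10]) - FTP session opened.
Nov 27 09:10:05 xbox proftpd[5120]: xbox (192.0.2.10[192.0.2.10]) - USER steinar: Login successful.
Nov 27 09:14:31 xbox proftpd[5120]: xbox (192.0.2.10[192.0.2.10]) - FTP session closed.
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ proftpd\[(?P<pid>\d+)\]: "
    r"\S+ \(\S*\[(?P<ip>[^\]]+)\]\) - (?P<msg>.*)$"
)

def probe_sessions(log_text, max_seconds=10, year=2006):
    """Return (ip, pid, seconds) for sessions closed quickly with no login attempt."""
    open_sessions = {}   # pid -> [start time, ip, saw a USER log line]
    probes = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Classic syslog timestamps omit the year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("FTP session opened"):
            open_sessions[pid] = [ts, m["ip"], False]
        elif pid in open_sessions and msg.startswith("USER "):
            open_sessions[pid][2] = True
        elif pid in open_sessions and msg.startswith("FTP session closed"):
            start, ip, saw_user = open_sessions.pop(pid)
            seconds = (ts - start).total_seconds()
            if not saw_user and seconds <= max_seconds:
                probes.append((ip, int(pid), int(seconds)))
    return probes

if __name__ == "__main__":
    for ip, pid, seconds in probe_sessions(SAMPLE):
        print(f"{ip} pid={pid}: connect/disconnect in {seconds}s, no login attempt")
```

A match only shows that a client connected and left without trying to log in, which is consistent with a scan or banner grab; it says nothing about the CPU load or the extra sshd processes.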

Posted: Wed Dec 06, 2006 9:49 pm
by zlasher
I've calmed down a bit since this morning :lol:
And sort of realised I will upgrade to Pro 4.1 before turning paranoid again..

The xbox has been acting as it should since this "incident" and I can't spot anything else in the logs.

I'm behind a firewall, and "someone" accessing my ftp ports (through portscan, or just "blond luck") isn't really unexpected. I'm keeping my eye on other services (not available from the web).

But just to stay on the safe side, I'll be upgrading to Pro 4.1 soon!

Steinar T