Filetransfer exploit?

Saturday, 13 February 2016

I have disabled filetransfer for normal users. At that time I was running server version 3.0.11.4. Since I got no answers when googling for this error I thought, might as well post about it here. Maybe it hasn't been fixed in the newer version.
This was in my logs before the server crashed. Didn't think it was an attack at that time.

Code:

2016-02-12 20:45:20.618765|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:20.625791|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:20.635050|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:20.711667|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:20.759764|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:20.888117|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:21.309319|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:21.562294|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:21.707894|ERROR  |FileManager  |  | select() failed Bad file descriptor

Since I was SSH-d into my VPS I had the server running again almost instantly. Then I saw that the new logfile was abnormally large.
It had the same error but 12000 lines of it, after the server had been running for only ~2 mins.
Because of this attack there were 3.5k+ processes running (I guess every filetransfer makes a new thread). My CPU spiked to 100% usage at times. This is the packet the attacker was sending (removed just in case).
I have a tcpdump file from the time of the attack. If devs want to take a look at it, PM me.
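
One way to catch this log pattern early, as an added example that is not part of the original post: it parses the log layout shown in the excerpt above and reports bursts of the FileManager "select() failed Bad file descriptor" error. The function names, the threshold of 5 errors and the 1-second window are assumptions chosen for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6})\|(\w+)\s*\|(\w+)\s*\|([^|]*)\|\s*(.*)$")
SIGNATURE = ("ERROR", "FileManager", "select() failed Bad file descriptor")

def parse_line(line):
    """Parse 'timestamp|level|component|(field)|message'; None if the layout differs."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
    return ts, m.group(2), m.group(3), m.group(5).strip()

def find_bursts(lines, threshold=5, window_seconds=1.0):
    """Return [(first_ts, last_ts, count)] where >= threshold signature errors share a window."""
    window = timedelta(seconds=window_seconds)
    recent, raw, current, hits = deque(), [], None, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[1:] != SIGNATURE:
            continue  # unrelated or malformed line
        ts, hits = rec[0], hits + 1
        recent.append(ts)
        while ts - recent[0] > window:  # drop hits older than the window
            recent.popleft()
        if len(recent) < threshold:
            continue
        if current is not None and ts - current[1] <= window:
            current[1], current[3] = ts, hits  # extend the open burst
        else:
            current = [recent[0], ts, hits - len(recent) + 1, hits]  # open a new burst
            raw.append(current)
    return [(first, last, end - start + 1) for first, last, start, end in raw]

# First line is constructed noise; the other nine are copied from the log excerpt above.
SAMPLE = """\
2016-02-12 20:45:19.000000|INFO   |ServerMain   |  | constructed unrelated line
2016-02-12 20:45:20.618765|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:20.625791|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:20.635050|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:20.711667|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:20.759764|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:20.888117|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:21.309319|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:21.562294|ERROR  |FileManager  |  | select() failed Bad file descriptor
2016-02-12 20:45:21.707894|ERROR  |FileManager  |  | select() failed Bad file descriptor""".splitlines()
```

Calling find_bursts(SAMPLE) returns a single burst covering all nine errors; fed from a tail of the live log, the same check could raise an alert or trigger a firewall rule before the process count climbs.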