[FX.php List] Many [Guest] authentication attempts? (FMS Warnings)

Joel Shapiro jsfmp at earthlink.net
Mon Nov 10 15:50:41 MST 2008


Hey Bob

Thanks for the reply.

These attempts are specifically on the DB (via fmxml), not on FTP  
(which I believe is disabled on the machine), but I'll try to check  
other non-FM hits to the server to see what else might be going on.

Also, it's curious that the username used is "[Guest]" -- which I  
think is a default only in the FileMaker world, and I think only the  
administrators would know it's a FileMaker backend -- but at least  
these hits aren't able to authenticate and it doesn't seem to have  
affected performance.

I'll keep an eye on it, though, especially since it's not a public  
site (it's got an obscure URL, plus it's using SSL).

Thanks,
-Joel


On Nov 10, 2008, at 12:35 PM, Bob Patin wrote:

> Joel,
>
> My servers get hit all the time with FTP login attempts; so long as  
> one avoids the obvious login usernames and passwords, it won't be a  
> problem, that I can see. Can I stop it? No, so long as I have an  
> FTP server running on a machine. All of my web servers have FTP  
> server software running out of necessity, so it's something I've  
> gotten used to seeing.
>
> Morons with nothing better to do than to try to break into servers  
> or sites are rife on the web...
>
> Bob Patin
> Longterm Solutions LLC
> bob at longtermsolutions.com
> 615-333-6858
> http://www.longtermsolutions.com
> iChat/AIM: bobpatin
> FileMaker 9 Certified Developer
> Member of FileMaker Business Alliance
> --------------------------
> FileMaker hosting and consulting for all versions of FileMaker
> PHP • Full email services • Free DNS hosting • Colocation • Consulting
>
> On Nov 10, 2008, at 12:38 PM, Joel Shapiro wrote:
>
>> Hi all
>>
>> One of my clients' FMS9 machines recently had three consecutive  
>> days that saw large amounts of consecutive attempted logins to  
>> their FX.php solution apparently using a [Guest] account.
>>
>> The line in the FMS event log is:
>> 2008-11-03 10:06:13.691 -0800	Warning	661	<Server>	Client "[Guest]  
>> 127.0.0.1:0" authentication failed on database "File.fp7" using  
>> "[Guest] [fmxml]".
>>
>> There are exactly 60 such lines within 3 seconds (between  
>> 10:06:13.691 and 10:06:16.473).
>>
>> The [Guest] account is inactive in both the Data file and the Web  
>> file.  (All user authentication is via External Authentication  
>> (Active Directory), and continues to work correctly.)
>>
>> What could be causing this?  Has anybody seen anything like this  
>> before?
>>
>>
>> I can replicate the warning message in the event log by manually  
>> entering "[Guest]" as the username (and any password) into the  
>> site's login page (although of course the login fails).
>>
>> FMS 9.0.3.326
>> Windows Server 2003 SP2
>>
>> TIA,
>> -Joel
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
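
An added example (not part of the original thread, and not FileMaker's or FX.php's own code): a Python script that parses event-log lines in the layout quoted above and reports bursts such as the 60 failures in 3 seconds described in the first message. The tab-separated field order, the `min_count` and `max_gap` thresholds, the `jdoe` account and the evenly spaced sample timestamps are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Message layout copied from the single warning line quoted in the thread;
# 661 is the event code shown on that line.
AUTH_FAIL = re.compile(
    r'Client "(?P<account>.+) (?P<peer>\S+)" authentication failed '
    r'on database "(?P<db>[^"]+)" using "[^"]*\[(?P<via>[^\]]+)\]"')

def parse_failures(lines):
    """Yield (time, account, peer, db, via) for each failed-authentication line."""
    for line in lines:
        f = line.rstrip("\r\n").split("\t", 4)  # time, level, code, host, message
        m = AUTH_FAIL.search(f[4]) if len(f) == 5 and f[2] == "661" else None
        if m:
            when = datetime.strptime(f[0], "%Y-%m-%d %H:%M:%S.%f %z")
            yield when, m["account"], m["peer"], m["db"], m["via"]

def find_bursts(lines, min_count=20, max_gap=timedelta(seconds=1)):
    """Return runs of >= min_count failures spaced at most max_gap apart."""
    runs, bursts = {}, []  # runs: key -> [first, last, count, peers]
    def close(key):
        first, last, count, peers = runs.pop(key)
        if count >= min_count:
            bursts.append(dict(account=key[0], db=key[1], via=key[2], count=count,
                               first=first, last=last, peers=sorted(peers)))
    for when, account, peer, db, via in sorted(parse_failures(lines)):
        key = (account, db, via)  # one run per account/database/interface
        if key in runs and when - runs[key][1] > max_gap:
            close(key)  # gap too long: the previous run has ended
        run = runs.setdefault(key, [when, when, 0, set()])
        run[1], run[2] = when, run[2] + 1
        run[3].add(peer)
    for key in list(runs):
        close(key)
    return bursts

def sample_log():
    """Constructed input: the thread's 60-in-3-seconds burst plus one stray failure."""
    start = datetime(2008, 11, 3, 10, 6, 13, 691000)
    msg = ('\tWarning\t661\t<Server>\tClient "{0} 127.0.0.1:0" authentication '
           'failed on database "File.fp7" using "{0} [fmxml]".')
    def line(t, acct):  # "jdoe" below is a hypothetical account name
        return f"{t:%Y-%m-%d %H:%M:%S}.{t.microsecond // 1000:03d} -0800" + msg.format(acct)
    rows = [line(start + timedelta(milliseconds=i * 2782 // 59), "[Guest]") for i in range(60)]
    return rows + [line(start + timedelta(hours=4), "jdoe")]

if __name__ == "__main__":
    print(find_bursts(sample_log()))
```

The peer on the quoted line is the loopback address 127.0.0.1:0, so the event log alone does not name a remote source. The `first` and `last` times of a reported burst are the values to match against the web server's access log.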


