Freenas - Does this mean someone FTP'ed my data away?

RichTJ99

Patron
Joined
Sep 12, 2013
Messages
384
Hi,

I was going through some of my freenas server logs - specifically in the var/logxfer area. I have a ton of log entries like this:

Code:
Thu Mar 05 09:09:44 2020 0 10.36.42.227 2362513 /mnt/Pool/Shared/VM_Desktopfolder/Cruise_2019/Screenshot_20190415-131124.png b _ o r root ftp 0 * c
Thu Mar 05 09:09:44 2020 0 10.36.42.227 3902071 /mnt/Pool/Shared/VM_Desktopfolder/Cruise_2019/MVIMG_20190419_200800.jpg b _ o r root ftp 0 * c
Thu Mar 05 09:09:44 2020 0 10.36.42.227 4430738 /mnt/Pool/Shared/VM_Desktopfolder/Cruise_2019/2019-04-13_14.48.23-1.jpg b _ o r root ftp 0 * c
Thu Mar 05 09:09:45 2020 0 10.36.42.227 4369141 /mnt/Pool/Shared/VM_Desktopfolder/Cruise_2019/IMG_20190414_181431.jpg b _ o r root ftp 0 * c


I did change the IP slightly - but the IP says it is in California & I am on the east coast. Would this mean my freenas box was accessible to the outside world, someone copied the data, and may or may not still have access?

Any help would be great & I can look elsewhere if needed.

Thanks,
Rich
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
It certainly looks like those entries are indicating that there was an FTP transfer of the listed files to the listed IP address... as root... so if it wasn't you, things don't look good for your privacy.

Do what you can to confirm the true location of the IP address (I guess you put the 10 at the front, but if not, it might be less concerning).
 

RichTJ99

Patron
Joined
Sep 12, 2013
Messages
384
Hi - I think that is something I can trace internally. Is there another spot i can download logs of all logins/ip's? I would also like to see if Iscsi was ever configured, snapshots sent offsite, etc. Is there somewhere I can dig though the logs to find that?
 
Last edited:
Top