How do I troubleshoot "anonymous ftp attempts" from my PCs?


  1. retreaded
    Posts : 25
    Windows 10
       New #1

    How do I troubleshoot "anonymous ftp attempts" from my PCs?


    I have a recurrent problem: My hosted website servers keep locking me out due to "anonymous ftp attempts" to log in. I don't know much of anything about ftp, I just don't use it. However, my website servers say that too many anonymous ftp attempts will result in a lockout of my IP, which has been an ongoing issue for months. Tech support at the hosted servers can only say "stop trying to log in using anonymous ftp".

    I have no idea how this is occurring nor how to troubleshoot what program on my Windows 10 PCs (both of them do this) is responsible. Can someone help?
      My Computer
    Quote Quote

  3. Samuria
    Posts : 8,111
    windows 10
       New #2

    FTP is used to upload files to the server have you got any web creation tool on your pc that my try and do it. Dont the server keep logs so you can see what ip is trying to connect as it may not be you
      My Computer
    Quote Quote

  4. retreaded
    Posts : 25
    Windows 10
    Thread Starter
       New #3

    It is a log-in issue. The server sees an attempt by an anonymous ftp to log in from my IP. I am not trying to log in via ftp, but use only the authorized login on the WordPress website. My website host says after so many attempts from the anonymous ftp attempt, it blocks the IP. It is my IP and that's the problem. I get locked out of my own website. In the meantime I can't find out what is going on and don't know how to stop the anonymous ftp attempts. I know very little about ftp, but I do know that I don't use it to the best of my knowledge. This issue comes up every couple of months and it is driving me (and my webhost) crazy. I have no idea how to trouble shoot this problem, but my webhost says some program on my PCs is sending an ftp attempt. Interestingly, it occurs no matter which PC I am using (I think). Both PCs are using Windows 10 through the same network, router, and IP.
    My research tells me that Windows has an ftp program, but it is on IIS, which I do not have set up or have any knowledge on how to use. Any suggestions on where to begin?
      My Computer
    Quote Quote

  6. Digital Life
    Posts : 822
    Microsoft Windows 10 Pro 64-bit
       New #4

    One way to find out if your running a FTP server is to open a Admin Powershell prompt and type
    Code:
    netstat -anao | findstr "\<21\>"
    Since I am not running anything related to FTP I changed the port to 443 since I know chrome is running and has that port open.
    Code:
    PS C:\WINDOWS\system32> netstat -anao | findstr "\<443\>"  
  TCP    192.168.100.99:22680   65.52.108.205:443      ESTABLISHED     2888
  TCP    192.168.100.99:22683   65.52.108.186:443      ESTABLISHED     8032
  TCP    192.168.100.99:23221   184.172.52.107:443     ESTABLISHED     9696
  TCP    192.168.100.99:23222   65.55.44.109:443       ESTABLISHED     2536
  PS C:\WINDOWS\system32>
    Now I look at the number that is at the end, In my case I am going to pick 9696, then I will Type this command into powershell and search for 9696
    Code:
    Get-Process
    And the result if I search for 9696 tells me it's Chrome
    Code:
    PS C:\> Get-Process

Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
    527      25    15900      25832       1.09   7464   1 ApplicationFrameHost
    200      11     2272       6896              1660   1 atieclxx
    119       7     1024       3464              1632   0 atiesrxx
    201      13     7016      13536       1.22   4616   0 audiodg
    239      20    30356      27724       1.38   3532   1 chrome
    331      34    67968      76816      40.86   5452   1 chrome
    274      41   120580      86784      68.45   5552   1 chrome
    239      20    28416      26232       1.05   6472   1 chrome
    240      30    75040      67992      64.67   8308   1 chrome
    361      54   168152      67580     698.94   8804   1 chrome
    239      20    29400      27012       1.25   9332   1 chrome
   1788      62   123048     143000     968.20   9696   1 chrome
    219      11     2052       8004       0.42   9712   1 chrome
    145      11     2008       8520       0.13   9744   1 chrome
    386      29    65104      49084     283.13   9852   1 chrome
    254      22    39280      25508       1.39  10236   1 chrome
     43       4     1980       3068       0.02   3668   1 cmd
    235      13     6744      18336       0.83   7884   1 conhost
    106       7     5308       5392       0.06   8660   1 conhost
    230      12     3728      14644      19.39   9168   1 conhost
    603      27    13976      23880      19.59   6408   1 CSISYN~1
    715      20     1700       3680               464   0 csrss
    496      18     3976       4132               584   1 csrss
    598      22     9304      17360              2960   0 dasHost
    122       7     1568       6972              2308   0 dllhost
    143       8     1884       9188       0.27   2792   1 dllhost
    657      36    43020      37184               388   1 dwm
   2779     124    62728     111900   1,122.02   1268   1 explorer
     45       6     1552       2852               732   0 fontdrvhost
     45       7     2320       6160               912   1 fontdrvhost
    432      21     4256      12680              2552   0 FoxitConnectedPDFService
    145      10     1824       5920       0.45   7176   1 hostssrv64
      0       0       52          8                 0   0 Idle
   1935      23     7792      14728               652   0 lsass
    167      15     1884       6228              2508   0 mDNSResponder
      0       0      560     154280              3164   0 Memory Compression
    581      45    26068      44788       2.08   4928   1 Microsoft.Msn.Weather
    922      53    26688      59924      15.11   7036   1 Microsoft.StickyNotes
    521      43    32804      37824              3812   1 MouseWithoutBorders
    148      10     1924       8864       0.34   5348   1 MSASCuiL
    613      62   125388      88792              2844   0 MsMpEng
    202      33    18508       9028              4700   0 NisSrv
    340      35    29892      21800              2612   0 NLSvc
    821      43    31704      46020      99.41   8032   1 OneDrive
    123       9     1640       1112       0.09   8568   1 ONENOTEM
    729      30    55808      67312      24.16    192   1 powershell
    237      12     3300      14032       0.67   8116   1 RemindersServer
    749      37    28348      48612     128.89   6584   1 RuntimeBroker
    688      64    27180      29084              6652   0 SearchIndexer
    885      63    54000      60348       6.58   7120   1 SearchUI
    332      15     4028      12812              2680   0 SecurityHealthService
    603      10     4540       6960               644   0 services
    661      27    24328       8280     487.70   8280   1 SettingSyncHost
   1035      43    54244      57488       6.19   7112   1 ShellExperienceHost
    570      16     5720      20744      14.80   5820   1 sihost
     52       3      464        592               348   0 smss
    460      26     6156      10572              2296   0 spoolsv
    432      20     5092      12956               100   0 svchost
    285      15     3668      12780               676   0 svchost
     70       5      916       3088               744   0 svchost
   1086      22    10928      31108               788   0 svchost
    108       7     1280       6096               928   0 svchost
    990      17     6428      11400               948   0 svchost
    230       8     2156       5312               992   0 svchost
    177      11     2140       9008              1040   0 svchost
    490      35    13228      19992              1068   0 svchost
    144       9     1872      10392              1076   0 svchost
    370      18     5964      11996              1088   0 svchost
    209      12     2364       9452              1148   0 svchost
    111       8     1560       4872              1248   0 svchost
    386      14    11548      10796              1284   0 svchost
    191       9     2004       7984              1292   0 svchost
    133       8     2956       9440              1400   0 svchost
    157      34     7460       9236              1424   0 svchost
    388      18     3656      10400              1456   0 svchost
    251      10     2616       6888              1480   0 svchost
    401      18     5828      12628              1560   0 svchost
    145      10     2040       7692              1576   0 svchost
    123      11     1816       5516              1720   0 svchost
    165       7     1256       4964              1756   0 svchost
    507      12     3480       8948              1764   0 svchost
    152       9     1948       7072              1780   0 svchost
    156      12     1792       7756              1904   0 svchost
    164      10     1948       6848              1944   0 svchost
    281      12     2872      10716              2032   0 svchost
    391      17     4996      11252              2108   0 svchost
    179      13     2140       9992              2164   0 svchost
    449      19     3944      16884              2260   0 svchost
    174      11     2016       7196              2340   0 svchost
    236      25     3528      12576              2500   0 svchost
    172       8     2000       6136              2516   0 svchost
    446      21     5700      18588              2536   0 svchost
     83       7     1352       4316              2544   0 svchost
    306      20    20760      23492              2560   0 svchost
    189      10     2292       7328              2572   0 svchost
    164       9     3292       6320              2620   0 svchost
    207      16     2492       8124              2632   0 svchost
    179      11     2260      11404              2668   0 svchost
    235      31     4572      17220              2700   0 svchost
    110       7     1228       4708              2716   0 svchost
    390      20     7452      13196              2744   0 svchost
    400      20     5312      20712              2888   0 svchost
    761      28     7428      19468              3704   0 svchost
     89       7     1264       4608              3744   0 svchost
    377      22     3724       8844              3996   0 svchost
    179      10     2008       8012              4068   0 svchost
    194      15     6008       8848              4156   0 svchost
    159      10     1980       6780              4916   0 svchost
    248      12     3348      13072              4984   0 svchost
    261      18     4152       9760              5052   0 svchost
    129      18     1696       6264              5096   0 svchost
    267      14     3472      14596              5136   0 svchost
    179      11     2060       8336              5164   0 svchost
    298      16     3528      14556              5300   0 svchost
    139       7     1664       6028              5336   0 svchost
    226      11     2504       7408              5384   0 svchost
    248      15     3976      17680      11.95   5408   1 svchost
   1166      66    23368      31952              5448   0 svchost
    297      16     4132      19276              5500   0 svchost
    362      33     3872      12236              5604   0 svchost
    346      19     5444      16472              5624   0 svchost
    396      20     6800      25036      87.95   5816   1 svchost
    210      15     2680      10508              5904   0 svchost
    671      32     7456      26764      26.11   6224   1 svchost
    550      31    10268      19776              9044   0 svchost
    151       9     1712       6848              9348   0 svchost
    389    8214    59308      63224     571.19   8648   1 syncthing
    611      58    59640      64488     155.86   8204   1 SyncTrayzor
   3394       0      148       5912                 4   0 System
    615      30    17348      43348       4.83   4744   1 SystemSettings
    500      34     7920      19984      22.20   3580   1 taskhostw
    693      47    15380      37768      68.47   1084   1 TeamViewer
    416      25     6304      17960              2728   0 TeamViewer_Service
    170      10     1336       6316              3432   1 tv_w32
    151       9     1468       5904              4088   1 tv_x64
    155      11     1792       6124              2800   0 vmnat
     78       7     7436       3864              2772   0 vmnetdhcp
    301      16     4772       8520              3612   0 vmware-authd
    378      34    25144      13428              4304   0 vmware-hostd
    211      12     2492       8312              3620   0 vmware-usbarbitrator64
    185      13     2884      13768       0.38   9648   1 vncaddrbook
    144       9     1404       5064              2872   0 WindscribeService
    141      10     1264       4652               576   0 wininit
    236      11     2448       7596               848   1 winlogon
    759      55    28272      61712       2.83   7132   1 WinStore.App
    165      11     3108       9756              2712   0 WmiPrvSE
    143       9     2488       8180              7868   0 WmiPrvSE
    674      30     9208       7200              8968   0 wmpnetwk

PS C:\>
    Now you know the name of the program
      My Computer
    Quote Quote

  7. retreaded
    Posts : 25
    Windows 10
    Thread Starter
       New #5

    I'm sorry, but I am not a power user. I followed your example, inputing port 21, and the only TCP port showing was 80 with a value that pairs with "iexplore" (Process Name). Assuming this is internet explorer, that still doesn't tell me the name of a program using port 21. And if I did this correctly, telling me IE is the program gives me no useful information. But thanks anyway.
      My Computer
    Quote Quote

  8. Digital Life
    Posts : 822
    Microsoft Windows 10 Pro 64-bit
       New #6

    How are you updating your wordpress site. Do you connect with your Web browser and add or edit your pages that way or do you use a HTML editor.
      My Computer
    Quote Quote

  9. retreaded
    Posts : 25
    Windows 10
    Thread Starter
       New #7

    I update my WP sites with a browser.
      My Computer
    Quote Quote

  10. Digital Life
    Posts : 822
    Microsoft Windows 10 Pro 64-bit
       New #8

    I think I have been looking at this from the wrong direction.

    If you or someone is trying to connect to your server with FTP you should look at the settings for your server and figure out what setting is leaving that port open. It's probably some version of Linux so you may have to look into IPtables to stop it.

    There are over 1 million attempts to hack wordpress sites every month if your new to the world of running a web site for fun or profit you might want to hire somebody who can set it up for you, At the very least you may have to spend a week reading your providers help manuals.
      My Computer
    Quote Quote

 

  Related Discussions
Is it possible to change "Open" and "Save As" windows view to "List" instead of "Details" globally without having to set List view in File Explorer? I would like to use Details view in File Explorer and List view for "Open" and "Save As" windows. ...
So i've done all i know to do. I've been through the developers forum (more on that in a moment) and its gained me nada. This is my last ditch. I have 3 applications capable of wake on lan. Wake on LAN (Magic Packet) which is a UWP app, ...
After i installed windows 10 on my Asus N53SV, the keyboard doesnt work properly. I look on the internet for help, but it looks like im the only one. I tried uninstall and reinstall almost everything i know. From keyboard driver, touchpad, etc....
So I use a program called Transcribe! to transcribe music. It's made by Seventh String Software and I had been using the Mac version for the last 10 years or so. Just to give a quick bit of background info - Transcribe! is a a program that slows...
My Windows 10 tablet "Updated" and now I do not have internet whatsoever, it doesn't connect to my home wifi nor does it connect to my mobile hotspot. It won't even connect to the college wifi where I take classes, I have a yellow triangle under the...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 21:09.
Find Us




Windows 10 Forums