In just the past week, I have been getting a repeating message in my
/var/log/secure file as follows:
Jun 16 02:33:01 ns in.ftpd: refused connect from xxx.xxx.xxx.xxx
(ip changed to protect the innocent)
I have my hosts.allow and hosts.deny files set up to only allow certain
ips to telnet or ftp. What is weird about this message is that the
xxx.xxx.xxx.xxx is the ip of my web server ip. I never got this before.
Can anyone tell me how to trace this problem?