Proftpd, no DelayOnEvent rules configured with with "DelayTable none"

My server was just returning a 504 & MXToolBox wasn’t returning any DNS info. I was looking around to see what was up, and saw this:

Aug 16 02:07:36 dev proftpd[81217]: session[81217] 0.0.0.0 (179.60.147.161[179.60.147.161]): mod_delay/0.7: no DelayOnEvent rules configured with “DelayTable none” in effect, disabling module

Aug 16 02:07:36 dev proftpd[81217]: session[81217] 0.0.0.0 (179.60.147.161[179.60.147.161]): SSH2 session opened.

Aug 16 02:07:38 dev proftpd[81217]: session[81217] 0.0.0.0 (179.60.147.161[179.60.147.161]): SSH2 session closed.

Aug 16 02:07:38 dev proftpd[81218]: session[81218] 0.0.0.0 (179.60.147.161[179.60.147.161]): mod_delay/0.7: no DelayOnEvent rules configured with “DelayTable none” in effect, disabling module

Aug 16 02:07:38 dev proftpd[81218]: session[81218] 0.0.0.0 (179.60.147.161[179.60.147.161]): SSH2 session opened.

Aug 16 02:07:41 dev proftpd[81218]: session[81218] 0.0.0.0 (179.60.147.161[179.60.147.161]): SSH2 session closed.

Should I be concerned about this. I restored a backup, and server is back up, live. I saved the logs before restoring a full system backup from Digital Ocean, but unsure exactly what brought it down as of yet.

Thanks for your thoughts.

SYSTEM INFORMATION
OS type and version RockyLinux 8.5
Webmin version 1.999
Virtualmin version 7.1
Related packages pdftpd

Maybe your domain has expired if MXtoolbox returns nothing. The proftp seems to be a bug

1 Like

Domain is active. The system backup got things back running. My concern was that someone was FTPing into, or attempting to FTP into my server. That IP address is from a different country, and not me or anyone that should be attempting to login via FTP.

I upped Fail2Ban’s bantime & findtime and lowered the maxretry a bit to help thwart these attempts.

The way it says SSH2 session opened and it appears to be open for 2 minutes before it says SSH2 session closed, had me concerned that someone was abusing our system some how to gain access. I’m unfamiliar with proftpd logs, I don’t know if that means someone was in our file system via FTP for two minutes, or if that’s just how long it took for the system to deny the attempted credentials he/she may have used.

Thanks for any thoughts.