I'm seeing unknown IPs in results like this in the messages log on a CentOS 6 webserver, are these IPs actually accessing the machine?
Mar 13 19:11:49 server pure-ftpd: (?@some.ip.here) [INFO] New connection from some.ip.here
Mar 13 19:11:49 server pure-ftpd: (?@some.ip.here) [INFO] Logout.
I'm also seeing others that are clearly being rejected though:
Mar 13 19:14:20 server pure-ftpd: (?@some.other.ip) [INFO] New connection from some.other.ip
Mar 13 19:14:25 server pure-ftpd: (?@some.other.ip) [WARNING] Authentication failed for user [some-username]
Mar 13 19:14:25 server pure-ftpd: (?@some.other.ip) [INFO] Logout.
The only person that has full server access is me and then some end web users/bloggers have access to Wordpress sites on the server but they aren't in the countries of these IPs.