Security Incidents mailing list archives
Re: Strange FTP traffic...
From: Erik Tayler <erik () 14X NET>
Date: Fri, 29 Sep 2000 10:39:01 -0500
Just looks like a check for a world writable incoming. I need to clear out the WaReZ puppies and VCD couriers every once in a while on this server, is this how they're finding me?
They are probably looking for a world-writable incoming directory so they can gain remote-root access to your server. Which ftp server/version are you running? Notice any strange happenings on your server? It is doubtful that people would make a directory such as .000925171453p just to store their warez. I very well could be wrong, have you found warez residing in those directories? I doubt you found anything in . / s t a n l e y / l o o k e d / q u i t e / b o r e d / a n d / s o m e w h a t / d e t a c h e d , b u t / t h e n / p e n g u i n s / o f t e n / d o / . ssh () shn nu . / / . http://projects.shn.nu/sean/ . / Anyway, send more details about your server and such, you are probably running ProFTPD or wu-ftpd, vulnerable or not, the kiddies don't know the difference. Erik Tayler http://www.14x.net http://www.digitaloffense.net
Current thread:
- Re: Strange FTP traffic... Rik van Riel (Sep 30)
- Re: Strange FTP traffic... Pluto (Oct 10)
- <Possible follow-ups>
- Re: Strange FTP traffic... Erik Tayler (Sep 30)