Security Incidents mailing list archives
Re: ProFTPD Scan?
From: "Steven J. Hill" <sjhill () cotw com>
Date: Tue, 13 Mar 2001 09:32:38 -0600
Kurth Bemis wrote:
I found these in today's logs - notice the times "15:32:13" that's four hits at the same time, and then two at a different time. Looks like a DoS attempt too (although I've been known to have been wrong).

In today's logs.

Mar 12 15:30:28 trinity proftpd[19132]: trinity (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login failed): Can't find user.
Mar 12 15:32:13 trinity proftpd[19147]: trinity (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login failed): Can't find user.
Mar 12 15:32:13 trinity proftpd[19148]: trinity (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login failed): Can't find user.
Mar 12 15:30:28 trinity proftpd[19132]: trinity (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login failed): Can't find user.
Mar 12 15:32:13 trinity proftpd[19147]: trinity (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login failed): Can't find user.
Mar 12 15:32:13 trinity proftpd[19148]: trinity (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login failed): Can't find user.

Can anyone provide insight?

You bet I can. This person is a warez script kiddie. I _USED_ to have a world writeable upload directory for my collaborative work and a kiddie from this exact domain uploaded 350MB to my site of warez. I still have the logs from this one. I emailed the sysadmins at this domain and never heard back from them. They apparently have not done shit about it. This kiddie was trying to find a world writeable directory.

-Steve

--
Steven J. Hill - Embedded SW Engineer
Public Key: 'http://www.cotw.com/pubkey.txt'
FPR1: E124 6E1C AF8E 7802 A815
FPR2: 7D72 829C 3386 4C4A E17D
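
One way to summarize log lines like the ones quoted in this thread, added here as an example and not part of either poster's message: it parses the ProFTPD failed-login format shown above and groups anonymous-login failures by source address. The function name, the `ANON_USERS` set and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Failed-login line shape as it appears in the quoted message:
# "Mon DD HH:MM:SS host proftpd[PID]: host (rdns[IP]) - USER name (Login failed): reason"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sproftpd\[(?P<pid>\d+)\]:\s\S+\s"
    r"\((?P<rdns>[^\[\]]*)\[(?P<ip>[\d.]+)\]\)\s-\sUSER\s(?P<user>\S+)\s"
    r"\(Login failed\):\s(?P<reason>.*)$"
)
ANON_USERS = {"ftp", "anonymous"}  # assumption: names treated as anonymous logins

_SRC = ("trinity (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117])"
        " - USER ftp (Login failed): Can't find user.")
# The six lines from the message above (three distinct lines, each listed twice).
SAMPLE = [
    "Mar 12 15:30:28 trinity proftpd[19132]: " + _SRC,
    "Mar 12 15:32:13 trinity proftpd[19147]: " + _SRC,
    "Mar 12 15:32:13 trinity proftpd[19148]: " + _SRC,
] * 2
# Constructed line (not from the thread): a named-account failure, which is skipped.
SAMPLE.append("Mar 12 15:40:02 trinity proftpd[19201]: trinity "
              "(host.example[192.0.2.10]) - USER alice (Login failed): Incorrect password.")


def anon_probe_summary(lines):
    """Group failed anonymous-FTP logins by source IP."""
    by_ip = defaultdict(lambda: {"lines": 0, "pids": set(), "per_sec": defaultdict(int)})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["user"].lower() not in ANON_USERS:
            continue
        rec = by_ip[m["ip"]]
        rec["lines"] += 1
        rec["pids"].add(m["pid"])      # distinct logging processes behind the lines
        rec["per_sec"][m["ts"]] += 1   # how many lines share one timestamp
    return {
        ip: {"lines": r["lines"], "distinct_pids": len(r["pids"]),
             "peak_per_second": max(r["per_sec"].values())}
        for ip, r in by_ip.items()
    }


if __name__ == "__main__":
    for ip, stats in anon_probe_summary(SAMPLE).items():
        print(ip, stats)
```

Comparing `lines` with `distinct_pids` separates repeated log entries from entries written by separate server processes.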