Security Incidents mailing list archives

Re: Hacked using vulnerable FTP daemon.


From: "Bojan Zdravkovic" <bzdravko () siac com>
Date: Tue, 25 Sep 2001 15:28:46 -0400



Hi Paul,

Calling the ISP will help. They won't "get" the guy, only slap his wrist. The
biggest, ultimate effect of calling the ISP would be sending him a warning
email.

ISPs will never forward you any personal info, except if you're a government
investigator. And if an investigator gets involved the damage has to be
substantial (millions).

Don't talk about evidence, and don't blow things out of proportion; this is just
simple mischief, it happens to everyone.

And patch that ftpd.

-Bojan

Disclaimer: Obviously my opinions don't reflect the company's. If they did I'd
be the CEO.

Paul Tan wrote:

Hello experts,

I am helping a friend who got hacked in the last few days.
Below are the logs from /var/log/messages; I managed to get the logs
from the "last" command too. Is this sufficient info to call their ISP
and get that guy?

Rgds,
Paul

If you need more evidence I can produce e.g. rootkits and stuff I found
on the webserver.

<snip>



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

