Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rogue FTP Servers

From: "Lucas, Bryan" <b.lucas () TCU EDU>
Date: Tue, 2 Nov 2004 14:28:29 -0600
That's short for Distro and Divx_due suggest it's a dump site for Divx
encoded movies.  That's a pretty typical result of a hack.  Look in your
recycler bin with something that can see inside of it (TreeSize Pro) and
locate where they are dumping the files.  Alternatively, look at the
.ini file if they chose Serv-U as the server.

Bryan Lucas
Lead Server Administrator
Texas Christian University
(817) 257-6971


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Justin Azoff
Sent: Tuesday, November 02, 2004 2:17 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Rogue FTP Servers


On Tue, 2004-11-02 at 14:28, Anderson, Brandie wrote:

Does the banner say anything about "pubstro"?



I found one that had a banner of:
220-FTP SerVeR ReADy 220-_______________________________________________
220-                      - = ] MadHouse [ = -
220-                                               
220-         This Stro is Brought You By Divx_due
220-                    & Evisu!
220-                ____________
220-                 User iNFO :
.....

Does "Stro" mean something in another language?

-- 
-- Justin Azoff
-- Network Performance Analyst

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
Previous By Date Next
Previous By Thread Next

Current thread: