Security Incidents mailing list archives
Re: Anonymous FTP annoyance
From: John Sage <jsage () finchhaven com>
Date: Sun, 09 Dec 2001 02:03:52 -0800
Bryan: See: http://www.xs4all.nl/~liew/startdivx/endofdeleters.txt This'll make your hair stand on end.A warez-k1dd13 manual about how to create undeletable directories on Windows boxes, all for the purpose of doing just exactly what's been done to you: set up a (potential) warez site.
Hopefully here you will find information that will let you reverse the process...
Afterwords, see: http://ph.members.tripodasia.com/chisholm6707/sites02.09.2001.txt for one listing of sites that have been warez-ed... HTH.. - John Bryan Smith wrote:
I had opened anonymous FTP on my workstation at my office as a convenience to myself and fellow research partners. It allowed write access, but I keep a close eye on it and haven't had any problems until today. This way we're not sending unencrypted passwords across the network. The machine is WindowsXP Prof, running the included FTP server. Today in one of the directories I find this /.tagged/~/.scanned/by/NTVM/com1 I immediately turned off the FTP service and disabled the IUSR account. At first glance it just seems that my box was found through some scanning and marked as a possible warez dump site. Also, now that I would like to clean this up, I find that I cannot delete the folder "com1". No ACL information is found in the properties for the directory and it's not read-only. Somehow the tool created a "permanent" folder. What can be done to clean this up? Also, for those that may have ran into this before - has anything else been found that should also be taken into consideration?
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Anonymous FTP annoyance Bryan Smith (Dec 09)
- Re: Anonymous FTP annoyance James (Dec 10)
- Re: Anonymous FTP annoyance Nick FitzGerald (Dec 10)
- Re: Anonymous FTP annoyance John Sage (Dec 10)
- RE: Anonymous FTP annoyance Bryan Smith (Dec 10)