Security Incidents mailing list archives
Re: Possible crack attempt against ProFTPD or a DoS?
From: "Steven J. Hill" <sjhill () cotw com>
Date: Wed, 7 Feb 2001 16:16:50 -0600
Jose Nazario wrote:
warez kiddies. they just 'exploit' the fact that you had a writable area for anonymous users. been tracking them for a while. if you wanna see some of their additional handiwork, do a web search on "test345". this appears to be the signature of a tool that runs around looking for writable directories for the warez kiddies. follow the links you find (ie using google). more of the same.
Good, glad that's all. I did a search and indeed found stuff. I will post my logs for record purposes. I have emailed the root and abuse accounts at 'wanadoo.be' 'wanadoo.fr' and 'euronet.be'. I haven't heard back from them yet, but I guess I don't care now. Thanks to all of you. Cheers.

-Steve

************** BEGIN FTP LOGS **************
Thu Feb 1 16:56:41 2001 39 p193.adsl.powered-by.euronet.be 392394 /data/ftp/incoming/Final_Fantasy.zip b _ i a nilsot () wanadoo be ftp 0 * c
Thu Feb 1 16:59:06 2001 39 p193.adsl.powered-by.euronet.be 392394 /data/ftp/incoming/Final.zip b _ i a nilsot () wanadoo be ftp 0 * c
Sun Feb 4 18:30:19 2001 4788 APh-Aug-101-1-1-84.abo.wanadoo.fr 17362944 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/kal-drks.001 b _ i a anonymous () on the net ftp 0 * c
Sun Feb 4 18:30:33 2001 9 APh-Aug-101-1-1-84.abo.wanadoo.fr 135168 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/kal-drks.002 b _ i a anonymous () on the net ftp 0 * i
Sun Feb 4 18:55:13 2001 1466 APh-Aug-101-1-1-84.abo.wanadoo.fr 20000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/kal-drks.002 b _ i a anonymous () on the net ftp 0 * c
Sun Feb 4 19:20:33 2001 1518 APh-Aug-101-1-1-84.abo.wanadoo.fr 20000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/kal-drks.003 b _ i a anonymous () on the net ftp 0 * c
Sun Feb 4 19:41:45 2001 1271 APh-Aug-101-1-1-84.abo.wanadoo.fr 20000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/kal-drks.004 b _ i a anonymous () on the net ftp 0 * c
Sun Feb 4 20:06:02 2001 1455 APh-Aug-101-1-1-84.abo.wanadoo.fr 20000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/kal-drks.005 b _ i a anonymous () on the net ftp 0 * c
Sun Feb 4 20:30:12 2001 1449 APh-Aug-101-1-1-84.abo.wanadoo.fr 20000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/kal-drks.006 b _ i a anonymous () on the net ftp 0 * c
Sun Feb 4 21:01:55 2001 1901 APh-Aug-101-1-1-84.abo.wanadoo.fr 20000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/kal-drks.007 b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 02:01:58 2001 1282 APh-Aug-101-1-1-84.abo.wanadoo.fr 20000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/kal-drks.001ok b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 02:06:54 2001 0 APh-Aug-101-1-1-84.abo.wanadoo.fr 0 /incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/kal-drks.001 a _ d a anonymous () on the net ftp 0 * c
Mon Feb 5 02:28:25 2001 1266 APh-Aug-101-1-1-84.abo.wanadoo.fr 19000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/1000_arms_disk_2/1000_arms_disk2.r00 b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 02:49:07 2001 1240 APh-Aug-101-1-1-84.abo.wanadoo.fr 19000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/1000_arms_disk_2/1000_arms_disk2.r01 b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 03:09:01 2001 1193 APh-Aug-101-1-1-84.abo.wanadoo.fr 19000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/1000_arms_disk_2/1000_arms_disk2.r02 b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 03:29:09 2001 1207 APh-Aug-101-1-1-84.abo.wanadoo.fr 19000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/1000_arms_disk_2/1000_arms_disk2.r03 b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 03:49:14 2001 1203 APh-Aug-101-1-1-84.abo.wanadoo.fr 19000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/1000_arms_disk_2/1000_arms_disk2.r04 b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 04:09:38 2001 1222 APh-Aug-101-1-1-84.abo.wanadoo.fr 19000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/1000_arms_disk_2/1000_arms_disk2.r05 b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 04:29:20 2001 1181 APh-Aug-101-1-1-84.abo.wanadoo.fr 19000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/1000_arms_disk_2/1000_arms_disk2.r06 b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 04:49:53 2001 1231 APh-Aug-101-1-1-84.abo.wanadoo.fr 19000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/1000_arms_disk_2/1000_arms_disk2.r07 b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 05:09:55 2001 1200 APh-Aug-101-1-1-84.abo.wanadoo.fr 19000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/1000_arms_disk_2/1000_arms_disk2.r08 b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 05:29:42 2001 1186 APh-Aug-101-1-1-84.abo.wanadoo.fr 19000000 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/1000_arms_disk_2/1000_arms_disk2.r09 b _ i a anonymous () on the net ftp 0 * c
Mon Feb 5 05:44:36 2001 892 APh-Aug-101-1-1-84.abo.wanadoo.fr 14143488 /data/ftp/incoming/_________________________Tagged/by/The_CriMiNaL/FiLLed_BY/The_CriMiNaL/&/DoMiNique/1000_arms_disk_2/1000_arms_disk2.r10 b _ i a anonymous () on the net ftp 0 * i

--
Steven J. Hill - Embedded SW Engineer
Public Key: 'finger sjhill () mail cotw com'
FPR1: E124 6E1C AF8E 7802 A815
FPR2: 7D72 829C 3386 4C4A E17D
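An added example, not part of the original post: a parser for transfer-log entries in the field layout of the logs above, summarising anonymous uploads per remote host and noting directories the uploader created below the upload area. The sample lines are constructed, and the function names and the `/data/ftp/incoming` default are assumptions for illustration.

```python
import posixpath
from collections import defaultdict, namedtuple

# Constructed sample entries (hosts, names and sizes are made up for this example).
SAMPLE_LOG = """\
Thu Feb  1 16:56:41 2001 39 host1.example.net 392394 /data/ftp/incoming/a.zip b _ i a guest@example.invalid ftp 0 * c
Sun Feb  4 18:30:19 2001 4788 host2.example.net 17362944 /data/ftp/incoming/___tagged/x/part.001 b _ i a anon@example.invalid ftp 0 * c
Sun Feb  4 18:30:33 2001 9 host2.example.net 135168 /data/ftp/incoming/___tagged/x/part.002 b _ i a anon@example.invalid ftp 0 * i
Sun Feb  4 18:55:13 2001 1466 host2.example.net 20000000 /data/ftp/incoming/___tagged/x/part.002 b _ i a anon@example.invalid ftp 0 * c
Mon Feb  5 09:00:00 2001 2 host3.example.net 1024 /data/ftp/pub/README a _ o a reader@example.invalid ftp 0 * c
Mon Feb  5 09:05:00 2001 3 host4.example.net 2048 /home/alice/report.txt b _ i r alice ftp 0 * c
"""

Xfer = namedtuple("Xfer", "host size path direction access status")

def parse_xferlog_line(line):
    """Return an Xfer for one transfer-log entry, or None if it is malformed."""
    tok = line.split()
    # 5 timestamp tokens + duration + host + size + filename + 9 trailing fields
    if len(tok) < 18 or not tok[7].isdigit():
        return None
    # Trailing fields: type, flag, direction, access mode, user, service,
    # auth method, auth user, completion status. Whatever lies between the
    # size and those nine fields is the filename.
    tail = tok[-9:]
    return Xfer(tok[6], int(tok[7]), " ".join(tok[8:-9]), tail[2], tail[3], tail[8])

def anonymous_uploads(log_text, upload_root="/data/ftp/incoming"):
    """Summarise uploads (direction 'i') by anonymous users (access 'a') per host."""
    report = defaultdict(lambda: {"files": 0, "bytes": 0, "incomplete": 0, "subdirs": set()})
    for line in log_text.splitlines():
        x = parse_xferlog_line(line)
        if x is None or x.direction != "i" or x.access != "a":
            continue
        entry = report[x.host]
        if x.status == "c":            # completed transfer
            entry["files"] += 1
            entry["bytes"] += x.size
        else:                          # aborted or interrupted transfer
            entry["incomplete"] += 1
        parent = posixpath.dirname(x.path)
        if parent != upload_root:      # uploader built its own directory tree
            entry["subdirs"].add(parent)
    return dict(report)

if __name__ == "__main__":
    for host, info in anonymous_uploads(SAMPLE_LOG).items():
        print(host, info)
```

The archive's address obfuscation (`nilsot () wanadoo be`) splits the user field into several tokens, so the entries as archived on this page need the original address form restored before they parse with this layout.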