Security Incidents mailing list archives

Re: ProFTPD Scan?


From: Kurth Bemis <kurth () USAEXPRESS NET>
Date: Wed, 14 Mar 2001 00:49:08 -0500

At 10:32 AM 3/13/2001, Steven J. Hill wrote:

I'd like to thank all the persons that responded to my post regarding
ProFTPd Scan.  It was very reassuring to have many knowledgeable people put
my worries to rest.  Thank you.

~kurth

Kurth Bemis wrote:
>
> I found these in today's logs - notice the times "15:32:13"  that's four hits
> at the same time, and then two at a different time.  Looks like a DoS
> attempt too (although I've been known to have been wrong).
>
> In today's logs.
>
> Mar 12 15:30:28 trinity proftpd[19132]: trinity
> (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
> failed): Can't find user.
> Mar 12 15:32:13 trinity proftpd[19147]: trinity
> (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
> failed): Can't find user.
> Mar 12 15:32:13 trinity proftpd[19148]: trinity
> (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
> failed): Can't find user.
> Mar 12 15:30:28 trinity proftpd[19132]: trinity
> (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
> failed): Can't find user.
> Mar 12 15:32:13 trinity proftpd[19147]: trinity
> (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
> failed): Can't find user.
> Mar 12 15:32:13 trinity proftpd[19148]: trinity
> (AVelizy-101-1-2-117.abo.wanadoo.fr[193.253.200.117]) - USER ftp (Login
> failed): Can't find user.
>
> Can anyone provide insight?
>
You bet I can. This person is a warez script kiddie. I _USED_ to have a
world writeable upload directory for my collaborative work and a kiddie
from this exact domain uploaded 350MB to my site of warez. I still have
the logs from this one. I emailed the sysadmins at this domain and never
heard back from them. They apparently have not done shit about it. This
kiddie was trying to find a world writeable directory.

-Steve

--
 Steven J. Hill - Embedded SW Engineer
 Public Key: 'http://www.cotw.com/pubkey.txt'
 FPR1: E124 6E1C AF8E 7802 A815
 FPR2: 7D72 829C 3386 4C4A E17D
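
A detection sketch for the pattern discussed in this thread (repeated failed `USER ftp` logins from one address), added here as an example and not part of any poster's message. The log lines are constructed with placeholder hosts and addresses; the function names, the 5-minute window, the threshold of 3 and the treatment of each proftpd PID as one session are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the quoted syslog format; host and address are placeholders.
SAMPLE_LOG = """\
Mar 12 15:30:28 ftphost proftpd[19132]: ftphost (client.example.net[192.0.2.117]) - USER ftp (Login failed): Can't find user.
Mar 12 15:32:13 ftphost proftpd[19147]: ftphost (client.example.net[192.0.2.117]) - USER ftp (Login failed): Can't find user.
Mar 12 15:32:13 ftphost proftpd[19148]: ftphost (client.example.net[192.0.2.117]) - USER ftp (Login failed): Can't find user.
Mar 12 15:32:13 ftphost proftpd[19149]: ftphost (client.example.net[192.0.2.117]) - USER anonymous (Login failed): Can't find user.
Mar 12 16:05:40 ftphost proftpd[19201]: ftphost (office.example.org[198.51.100.9]) - USER alice (Login failed): Incorrect password.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ proftpd\[(?P<pid>\d+)\]: \S+ "
    r"\((?P<host>[^\[\s]*)\[(?P<ip>[0-9a-fA-F.:]+)\]\) - USER (?P<user>\S+) \(Login failed\)")
ANON_NAMES = {"ftp", "anonymous"}  # account names used for anonymous FTP


def parse_failures(text, year):
    """Yield (time, ip, user, pid) per failed-login line; syslog omits the year."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield when, m["ip"], m["user"], int(m["pid"])


def anonymous_probes(text, year, window=timedelta(minutes=5), threshold=3):
    """Map source IP -> peak count of failed anonymous sessions inside `window`."""
    by_ip = defaultdict(set)
    for when, ip, user, pid in parse_failures(text, year):
        if user.lower() in ANON_NAMES:
            by_ip[ip].add((when, pid))  # assumption: one PID = one session; set drops repeated lines
    flagged = {}
    for ip, sessions in by_ip.items():
        times = sorted(t for t, _ in sessions)
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window start forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    print(anonymous_probes(SAMPLE_LOG, year=2001))
```

Ordinary password failures for named accounts are parsed but not counted, so only sources probing for anonymous access on a server that has none are reported.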

