Security Incidents mailing list archives
Re: Hacked using vulnerable FTP daemon.
From: "Bojan Zdravkovic" <bzdravko () siac com>
Date: Tue, 25 Sep 2001 15:28:46 -0400
Hi Paul, Calling the ISP will help. They won't "get" the guy, only slap his wrist. The biggest, ultimate effect of calling the ISP would be sending him a warning email. ISPs will never forward you any personal info, except if you're a government investigator. And if an investigator gets involved the damage has to be substantial (millions). Don't talk about evidence, and don't blow things out of proportion, this is just a simple mischief, happens to everyone. And patch that ftpd. -Bojan Disclaimer: Obviously my opinions don't reflect the company's. If they did I'd be the CEO. Paul Tan wrote:
Hello experts, I am helping a friend who got hacked last few days. Below is the logs from /var/log/messages, i managed to get the logs from the "last" command too. Is this sufficient info to call their ISP and get that guy? Rgds, Paul If you need more evidence i can produce eg. rootkits and stuff i found on the webserver.
<snip> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Hacked using vulnerable FTP daemon. Paul Tan (Sep 25)
- Re: Hacked using vulnerable FTP daemon. Patrick Andry (Sep 25)
- Message not available
- Re: Hacked using vulnerable FTP daemon. Paul Tan (Sep 26)
- <Possible follow-ups>
- Re: Hacked using vulnerable FTP daemon. Bojan Zdravkovic (Sep 25)
- Re: Hacked using vulnerable FTP daemon. Jose Nazario (Sep 25)
- Re: Hacked using vulnerable FTP daemon. Ben McGinnes (Sep 29)