Security Incidents mailing list archives

Re: Strange FTP logs

From: Andrew Smith <stfunub () gmail com>
Date: Mon, 1 Nov 2004 16:20:41 +0000

I have no idea how they got your password, if they did. As you said
sniffing is a possibility.
But the creating of test files (cw.txt) and trying to change to
directory .tmp would make me think that perhaps it was being used to
store pirated material, or being tested to see if it could be used.
The range of IP's connecting would make me think that perhaps the
logins to your FTP had been posted on some forum or given out in some
IRC channel.

The directory " ./.tmp. / /" looks like a standard directory used by
"pubbers" to lock directories on anonymous FTPs. Is your FTP open to
anonymous logins?

Current thread:

Strange FTP logs Rob klein Gunnewiek (Nov 01)
- Re: Strange FTP logs Andrew Smith (Nov 01)
- Re: Strange FTP logs xyberpix (Nov 01)
- <Possible follow-ups>
- RE: Strange FTP logs Jobe Bittman (Nov 01)
- RE: Strange FTP logs JP Garcia (Nov 01)
  - Re: Strange FTP logs Valdis . Kletnieks (Nov 01)
- Re: Strange FTP logs Yuri Gushin (Nov 02)