Security Incidents mailing list archives
Re: Strange FTP logs
From: Andrew Smith <stfunub () gmail com>
Date: Mon, 1 Nov 2004 16:20:41 +0000
I have no idea how they got your password, if they did. As you said sniffing is a possibility. But the creating of test files (cw.txt) and trying to change to directory .tmp would make me think that perhaps it was being used to store pirated material, or being tested to see if it could be used. The range of IP's connecting would make me think that perhaps the logins to your FTP had been posted on some forum or given out in some IRC channel. The directory " ./.tmp. / /" looks like a standard directory used by "pubbers" to lock directories on anonymous FTPs. Is your FTP open to anonymous logins?
Current thread:
- Strange FTP logs Rob klein Gunnewiek (Nov 01)
- Re: Strange FTP logs Andrew Smith (Nov 01)
- Re: Strange FTP logs xyberpix (Nov 01)
- <Possible follow-ups>
- RE: Strange FTP logs Jobe Bittman (Nov 01)
- RE: Strange FTP logs JP Garcia (Nov 01)
- Re: Strange FTP logs Valdis . Kletnieks (Nov 01)
- Re: Strange FTP logs Yuri Gushin (Nov 02)