[[Tfug] FTP Server]
Leo Przybylski
leo at leosandbox.org
Tue Dec 2 17:06:51 MST 2003
Yeah,
the same was the case with red alert. My web server is still getting
pounded by systems on my subnet here. They don't know they're infected
and the SSA won't do anything about it because there's only one and he's
got higher priorities.
&Leo();
Brad Becker wrote:
>>Will tell you about some log entries in another post ...
>>
>>
>
>Over the past few days verbose ftp logging is showing stuff like this:
>
>Make directory command:
>
>MKD 031202034938p
>
>Change directory commands:
>
>CWD /pub/
>CWD /_vti_pvt/
>CWD /_vti_txt/
>CWD /wwwroot/
>CWD /mailroot/
>CWD /ftproot/
>CWD /home/
>CWD /~tmp/
>CWD /anonymous/public
>
>Lots of other commands, all denied.
>
>They're coming from different IP's. Someone told me this is a known attack on
>IIS servers (gotta love Msof$), broadcasted in many cases by unknowing pc
>owners who haven't patched. He mentioned there are so many out there that are
>infected and that most admins don't know it and don't care if they do know
>it.
>
>Does this sound right?
>
>Brad Becker
>------------------
>XP2100+ @ 2.18ghz
>Shuttle AK35GT2
>512mb HyperX 3000
>Elsa GF3 ti200
>Other stuff
>
>
>_______________________________________________
>tfug mailing list
>tfug at tfug.org
>http://www.tfug.org/mailman/listinfo/tfug
>
>
More information about the tfug
mailing list