Thread: FTP security
View Single Post
Old 06-17-2004, 12:52 PM   #1
spyder003
Blizzard Fanboy
 
spyder003's Avatar
 
Join Date: May 2003
Location: Northrend
Posts: 1,411
FTP security
Thanks to this thread, I got my FTP up and running. It's working fine, but I had someone get in today without a username. They first tried to log in anonymously, and about 30 seconds later from a different IP they just got in without being logged in. I'll try and post the log later so you can see what I mean. Any idea how they did this and how I can stop them? I'm using Bulletproof FTP by the way.

Thanks

Edit: here is a reverse DNS lookup of the IP that got in (the second one), does that look like anything I should be weary of?

Here is the log:

6/17/2004 12:55:54 AM - FTP Server On-line : IP(s) 192.168.0.4, on port 21
(000001) 6/17/2004 10:57:01 AM - (not logged in) (217.234.248.165) > connected to ip : 192.168.0.4
(000001) 6/17/2004 10:57:01 AM - (not logged in) (217.234.248.165) > sending welcome message.
(000001) 6/17/2004 10:57:01 AM - (not logged in) (217.234.248.165) > 220-Temp FTP
(000001) 6/17/2004 10:57:01 AM - (not logged in) (217.234.248.165) > 220 Welcome!
(000001) 6/17/2004 10:57:03 AM - (not logged in) (217.234.248.165) > USER anonymous
(000001) 6/17/2004 10:57:03 AM - (not logged in) (217.234.248.165) > 331 Password required for anonymous.
(000001) 6/17/2004 10:57:03 AM - (not logged in) (217.234.248.165) > PASS ********
(000001) 6/17/2004 10:57:03 AM - (not logged in) (217.234.248.165) > 530 Login or Password incorrect.
(000001) 6/17/2004 10:57:04 AM - (not logged in) (217.234.248.165) > disconnected.
(000002) 6/17/2004 10:57:40 AM - (not logged in) (155.230.55.183) > connected to ip : 192.168.0.4
(000002) 6/17/2004 10:57:40 AM - (not logged in) (155.230.55.183) > sending welcome message.
(000002) 6/17/2004 10:57:40 AM - (not logged in) (155.230.55.183) > 220-Temp FTP
(000002) 6/17/2004 10:57:40 AM - (not logged in) (155.230.55.183) > 220 Welcome!
(000002) 6/17/2004 10:57:40 AM - (not logged in) (155.230.55.183) > disconnected.
(000003) 6/17/2004 10:59:57 AM - (not logged in) (155.230.55.183) > connected to ip : 192.168.0.4
(000003) 6/17/2004 10:59:57 AM - (not logged in) (155.230.55.183) > sending welcome message.
(000003) 6/17/2004 10:59:57 AM - (not logged in) (155.230.55.183) > 220-Temp FTP
(000003) 6/17/2004 10:59:57 AM - (not logged in) (155.230.55.183) > 220 Welcome!
(000003) 6/17/2004 11:00:07 AM - (not logged in) (155.230.55.183) > disconnected.
__________________
EVGA 750i SLI - EVGA 9800 GX2 - Intel Q6700 - 4GB Corsair PC6400 - 1TB Seagate HDD - X-fi Gamer - Logitech G51 5.1 - ViewSonic 22" WS - Vista Premium
Last edited by spyder003; 06-17-2004 at 01:15 PM.
spyder003 is offline   Reply With Quote