Go Back   PCMech Forums > Help & Discussion > Internet, Web Applications, & The Cloud
FTP security FTP security
Register FAQ Members List Social Groups Rules Calendar Search Today's Posts Mark Forums Read

Need Some Help? Type Your Keywords Here:

Reply
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
Old 06-17-2004, 01:52 PM   #1
Blizzard Fanboy
 
spyder003's Avatar
 
Join Date: May 2003
Location: Northrend
Posts: 1,411
FTP security
Thanks to this thread, I got my FTP up and running. It's working fine, but I had someone get in today without a username. They first tried to log in anonymously, and about 30 seconds later from a different IP they just got in without being logged in. I'll try and post the log later so you can see what I mean. Any idea how they did this and how I can stop them? I'm using Bulletproof FTP by the way.

Thanks

Edit: here is a reverse DNS lookup of the IP that got in (the second one), does that look like anything I should be weary of?

Here is the log:

6/17/2004 12:55:54 AM - FTP Server On-line : IP(s) 192.168.0.4, on port 21
(000001) 6/17/2004 10:57:01 AM - (not logged in) (217.234.248.165) > connected to ip : 192.168.0.4
(000001) 6/17/2004 10:57:01 AM - (not logged in) (217.234.248.165) > sending welcome message.
(000001) 6/17/2004 10:57:01 AM - (not logged in) (217.234.248.165) > 220-Temp FTP
(000001) 6/17/2004 10:57:01 AM - (not logged in) (217.234.248.165) > 220 Welcome!
(000001) 6/17/2004 10:57:03 AM - (not logged in) (217.234.248.165) > USER anonymous
(000001) 6/17/2004 10:57:03 AM - (not logged in) (217.234.248.165) > 331 Password required for anonymous.
(000001) 6/17/2004 10:57:03 AM - (not logged in) (217.234.248.165) > PASS ********
(000001) 6/17/2004 10:57:03 AM - (not logged in) (217.234.248.165) > 530 Login or Password incorrect.
(000001) 6/17/2004 10:57:04 AM - (not logged in) (217.234.248.165) > disconnected.
(000002) 6/17/2004 10:57:40 AM - (not logged in) (155.230.55.183) > connected to ip : 192.168.0.4
(000002) 6/17/2004 10:57:40 AM - (not logged in) (155.230.55.183) > sending welcome message.
(000002) 6/17/2004 10:57:40 AM - (not logged in) (155.230.55.183) > 220-Temp FTP
(000002) 6/17/2004 10:57:40 AM - (not logged in) (155.230.55.183) > 220 Welcome!
(000002) 6/17/2004 10:57:40 AM - (not logged in) (155.230.55.183) > disconnected.
(000003) 6/17/2004 10:59:57 AM - (not logged in) (155.230.55.183) > connected to ip : 192.168.0.4
(000003) 6/17/2004 10:59:57 AM - (not logged in) (155.230.55.183) > sending welcome message.
(000003) 6/17/2004 10:59:57 AM - (not logged in) (155.230.55.183) > 220-Temp FTP
(000003) 6/17/2004 10:59:57 AM - (not logged in) (155.230.55.183) > 220 Welcome!
(000003) 6/17/2004 11:00:07 AM - (not logged in) (155.230.55.183) > disconnected.
__________________
EVGA 750i SLI - EVGA 9800 GX2 - Intel Q6700 - 4GB Corsair PC6400 - 1TB Seagate HDD - X-fi Gamer - Logitech G51 5.1 - ViewSonic 22" WS - Vista Premium
Last edited by spyder003; 06-17-2004 at 02:15 PM.
spyder003 is offline   Reply With Quote
Old 06-18-2004, 01:42 PM   #2
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 36,460
Yeah, you got a Korean hacker trying to get in. Better revew all your security settings, or move your FTP to a nonstandard port.
glc is offline   Reply With Quote
Reply

Bookmarks

Still Need Help? Type Your Keywords Here:


« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Linear Mode Linear Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -5. The time now is 03:11 AM.
Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.6.0

PCMech - Archive - Top