Unoffical empeg BBS

#247468 - 26/01/2005 01:14 Hackers?
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
I'm currently running an ftp server on my PC and I often run into this message:

(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > connected to ip : 192.168.0.7
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > sending welcome message.
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > 220 BradFTP
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > USER anonymous
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > 331 Password required for anonymous.
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > PASS ********
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > 530 Login or Password incorrect.
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > disconnected.


Is this some hacker looking for a random ftp server (based on port)? I have no anonymous account, so they will never be able to log in, and I always add that IP to the block list, but should I still be concerned?
_________________________
Brad B.
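
The pattern in the log above can be picked out automatically; this is an added example, not part of the original post. It parses that log format and reports which source addresses tried an anonymous login and were refused with a 530. The `000003` session and its address (203.0.113.5) are constructed sample data, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Session 000002 is the excerpt from the post; session 000003 is constructed
# (an ordinary failed login for a named account) to show it is not flagged.
SAMPLE_LOG = """\
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > connected to ip : 192.168.0.7
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > sending welcome message.
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > 220 BradFTP
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > USER anonymous
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > 331 Password required for anonymous.
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > PASS ********
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > 530 Login or Password incorrect.
(000002) 1/25/2005 8:07:12 PM - (not logged in) (209.174.230.69) > disconnected.
(000003) 1/25/2005 8:15:40 PM - (not logged in) (203.0.113.5) > USER brad
(000003) 1/25/2005 8:15:41 PM - (not logged in) (203.0.113.5) > PASS ********
(000003) 1/25/2005 8:15:41 PM - (not logged in) (203.0.113.5) > 530 Login or Password incorrect.
"""

# (session) date time AM/PM - (login state) (client ip) > message
LINE_RE = re.compile(
    r"^\((?P<session>\d+)\)\s+(?P<ts>\S+ \S+ [AP]M) - "
    r"\((?P<state>[^)]*)\) \((?P<ip>[\d.]+)\) > (?P<msg>.*)$"
)

def find_anonymous_probes(log_text):
    """Return {client_ip: [session ids]} where USER anonymous was answered with 530."""
    pending = set()              # (session, ip) pairs that sent an anonymous USER
    probes = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # skip lines in any other format
        key, msg = (m["session"], m["ip"]), m["msg"]
        if msg.upper().startswith("USER "):
            # "ftp" is the conventional alias for the anonymous account
            if msg[5:].strip().lower() in ("anonymous", "ftp"):
                pending.add(key)
            else:
                pending.discard(key)
        elif msg.startswith("530") and key in pending:
            probes[m["ip"]].append(m["session"])
            pending.discard(key)
    return dict(probes)

if __name__ == "__main__":
    for ip, sessions in find_anonymous_probes(SAMPLE_LOG).items():
        print(f"{ip}: refused anonymous login in session(s) {', '.join(sessions)}")
```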

#247469 - 26/01/2005 02:06 Re: Hackers? [Re: SE_Sport_Driver]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
They are scanning for a place to put some slightly shady content most likely. I had anonymous on my server 3 years back and found after a month I had the newest Windows at the time, plus some other pieces of software. They usually try to do tricks to hide the files, but most fail on a Linux box.

#247470 - 26/01/2005 02:10 Re: Hackers? [Re: drakino]
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
What's the point? Just to propagate (sp?) the stuff?
_________________________
Brad B.

#247471 - 26/01/2005 02:13 Re: Hackers? [Re: SE_Sport_Driver]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
If you're on a fast enough connection, usually they will use you to get files off a site. So basically you become a relay, allowing their slow connection to eventually get the files without fear of being booted off the main server. FTP easily allows redirection to another site; it was a common trick when many sysadmins were on dialup. They would FTP to a site then direct the download to their office computer.

Another possibility is they intend to turn your server into a main site.

#247472 - 26/01/2005 02:14 Re: Hackers? [Re: drakino]
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
How flattering.
_________________________
Brad B.
