[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] attempted slam

Subject: [cobalt-users] attempted slam
From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
Date: Tue Feb 13 03:06:02 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Remember a few days ago I said someone from sympatico.ca was trying
desperately to get in to my main site as an anonymous ftp user?
They're baaaaaaaack... and this time they got creative and tried my block of
IPs. Some of these customers have anon ftp enabled.
Log lines are below.
Any suggestions on what I should do? I've got the updates installed, I've
done the checks for the 'suspicious' files and found nothing, but I don't
for an instant think that I am safe or that there isn't something on my box
waiting to dump a payload on me.

God this pisses me off to no end.
AND I'm quite positive that the people doing this are subscribed to this
list. Note how someone speaks up and asks about whether or not they should
install the updates - and a day or two later they discover they've been
hacked?

Feb 12 21:11:31 www proftpd[24316]: 66.51.111.129
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:31 www proftpd[24316]: 66.51.111.129
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:32 www proftpd[24319]: 66.51.111.132
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:32 www proftpd[24321]: 66.51.111.134
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:32 www proftpd[24320]: 66.51.111.133
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:33 www proftpd[24322]: 66.51.111.135
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:33 www proftpd[24319]: 66.51.111.132
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:33 www proftpd[24321]: 66.51.111.134
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:33 www proftpd[24320]: 66.51.111.133
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:33 www proftpd[24323]: 66.51.111.136
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:33 www proftpd[24322]: 66.51.111.135
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:33 www proftpd[24324]: 66.51.111.137
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:33 www proftpd[24323]: 66.51.111.136
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:33 www proftpd[24324]: 66.51.111.137
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:33 www proftpd[24326]: 66.51.111.139
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:33 www proftpd[24326]: 66.51.111.139
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:34 www proftpd[24317]: 66.51.111.130
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:34 www proftpd[24318]: 66.51.111.131
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:34 www proftpd[24330]: 66.51.111.143
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:34 www proftpd[24331]: 66.51.111.144
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:34 www proftpd[24330]: 66.51.111.143
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:34 www proftpd[24331]: 66.51.111.144
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:35 www proftpd[24325]: 66.51.111.138
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:35 www proftpd[24332]: 66.51.111.150
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:35 www proftpd[24327]: 66.51.111.140
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:35 www proftpd[24328]: 66.51.111.141
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:35 www proftpd[24332]: 66.51.111.150
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:35 www proftpd[24329]: 66.51.111.142
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:11:35 www proftpd[24352]: 66.51.111.151
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - USER anonymous
(Login failed): Can't find user.
Feb 12 21:11:35 www proftpd[24352]: 66.51.111.151
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - FTP session
closed.
Feb 12 21:15:01 www proftpd[24508]: www.allaboutchoice.com
(localhost[127.0.0.1]) - FTP session closed.
Feb 12 21:11:30 www in.proftpd[24316]: connect from 64.229.234.166
Feb 12 21:11:32 www in.proftpd[24317]: connect from 64.229.234.166
Feb 12 21:11:32 www in.proftpd[24318]: connect from 64.229.234.166
Feb 12 21:11:32 www in.proftpd[24319]: connect from 64.229.234.166
Feb 12 21:11:32 www in.proftpd[24321]: connect from 64.229.234.166
Feb 12 21:11:32 www in.proftpd[24320]: connect from 64.229.234.166
Feb 12 21:11:32 www in.proftpd[24322]: connect from 64.229.234.166
Feb 12 21:11:32 www in.proftpd[24323]: connect from 64.229.234.166
Feb 12 21:11:32 www in.proftpd[24324]: connect from 64.229.234.166
Feb 12 21:11:32 www proftpd[24317]: 66.51.111.130
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - ANON anonymous:
Login successful.
Feb 12 21:11:32 www proftpd[24318]: 66.51.111.131
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - ANON anonymous:
Login successful.
Feb 12 21:11:33 www in.proftpd[24325]: connect from 64.229.234.166
Feb 12 21:11:33 www in.proftpd[24326]: connect from 64.229.234.166
Feb 12 21:11:33 www in.proftpd[24327]: connect from 64.229.234.166
Feb 12 21:11:33 www in.proftpd[24328]: connect from 64.229.234.166
Feb 12 21:11:33 www proftpd[24325]: 66.51.111.138
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - ANON anonymous:
Login successful.
Feb 12 21:11:33 www proftpd[24327]: 66.51.111.140
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - ANON anonymous:
Login successful.
Feb 12 21:11:33 www proftpd[24328]: 66.51.111.141
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - ANON anonymous:
Login successful.
Feb 12 21:11:33 www in.proftpd[24329]: connect from 64.229.234.166
Feb 12 21:11:33 www in.proftpd[24330]: connect from 64.229.234.166
Feb 12 21:11:34 www in.proftpd[24331]: connect from 64.229.234.166
Feb 12 21:11:34 www proftpd[24329]: 66.51.111.142
(HSE-QuebecCity-ppp80993.qc.sympatico.ca[64.229.234.166]) - ANON anonymous:
Login successful.
Feb 12 21:11:34 www in.proftpd[24332]: connect from 64.229.234.166
Feb 12 21:11:35 www in.proftpd[24352]: connect from 64.229.234.166

CarrieB
(This probably won't show up for days - my replies go through quickly, my
new postings take 3 days to show up)

Follow-Ups:
- Re: [cobalt-users] attempted slam
  - From: baltimoremd
- Re: [cobalt-users] attempted slam
  - From: Carrie Bartkowiak
- RE: [cobalt-users] attempted slam
  - From: Dan Kriwitsky
- Re: [cobalt-users] attempted slam
  - From: Colin Smith

Prev by Date: Re: [cobalt-users] /etc/aliases
Next by Date: Re: [cobalt-users] Recent Hacks
Previous by thread: [cobalt-users] Cobalt log files - what format?
Next by thread: Re: [cobalt-users] attempted slam

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index