[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Anonymous FTP attempts
- Subject: RE: [cobalt-users] Anonymous FTP attempts
- From: "GPS" <gps@xxxxxxxxxxxxxx>
- Date: Mon Feb 26 21:25:33 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>Sent: Monday, February 26, 2001 12:33 AM
>To: Cobalt Users Group
>Subject: [cobalt-users] Anonymous FTP attempts
>
>
>Just curious what everyone's approach is to this scenario:
>
>I get a lot of messages in my error log regarding people attempting to login
>to anonymous FTP. They hit all of my IP's and host names.
>
>Do most of you report them to appropriate abuse@... or just ignore?
>
>Thanks,
>Scott
Report them. 3 hacked servers were found that way last week.
The first SysAdmin I reported to got a bit defensive at first.
2 emails later he discovered 2 things:
1. His non-production server where the FTP attempts where coming from was hacked.
2. He needed to update his ProFTPD. :)
Add these IP's to your hosts.deny--all hacking attempts. This is what the pattern looks like:
Feb 21 07:27:29 oak proftpd[10266]: xxx.xxx.xxx.70 (212.122.13.2[212.122.13.2]) - FTP session closed.
Feb 21 07:27:31 oak proftpd[10267]: xxx.xxx.xxx.77 (212.122.13.2[212.122.13.2]) - FTP session closed.
Feb 21 07:27:33 oak proftpd[10268]: xxx.xxx.xxx.78 (212.122.13.2[212.122.13.2]) - FTP session closed.
Feb 21 07:27:39 oak proftpd[10265]: xxx.xxx.xxx.66 (212.122.13.2[212.122.13.2]) - FTP session closed.
Feb 21 07:27:39 oak proftpd[10288]: xxx.xxx.xxx.88 (212.122.13.2[212.122.13.2]) - FTP session closed.
Feb 21 07:27:39 oak proftpd[10289]: xxx.xxx.xxx.89 (212.122.13.2[212.122.13.2]) - FTP session closed.
Feb 21 07:27:39 oak proftpd[10290]: xxx.xxx.xxx.93 (212.122.13.2[212.122.13.2]) - FTP session closed.
Feb 21 07:27:40 oak proftpd[10291]: xxx.xxx.xxx.94 (212.122.13.2[212.122.13.2]) - FTP session closed.
Feb 21 07:27:42 oak proftpd[10292]: xxx.xxx.xxx.103 (212.122.13.2[212.122.13.2]) - FTP session closed.
Feb 21 07:27:43 oak proftpd[10293]: xxx.xxx.xxx.108 (212.122.13.2[212.122.13.2]) - FTP session closed.
Feb 21 16:15:53 oak proftpd[384]: xxx.xxx.xxx.70 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:15:53 oak proftpd[383]: xxx.xxx.xxx.66 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:15:53 oak proftpd[386]: xxx.xxx.xxx.78 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:15:53 oak proftpd[385]: xxx.xxx.xxx.77 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:15:53 oak proftpd[388]: xxx.xxx.xxx.89 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:15:53 oak proftpd[387]: xxx.xxx.xxx.88 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:15:53 oak proftpd[389]: xxx.xxx.xxx.93 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:15:53 oak proftpd[391]: xxx.xxx.xxx.103 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:15:53 oak proftpd[392]: xxx.xxx.xxx.108 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:15:53 oak proftpd[390]: xxx.xxx.xxx.94 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:15:53 oak proftpd[393]: xxx.xxx.xxx.xxx (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:21:01 oak proftpd[597]: xxx.xxx.xxx.66 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:21:01 oak proftpd[598]: xxx.xxx.xxx.70 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:21:01 oak proftpd[599]: xxx.xxx.xxx.77 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:21:01 oak proftpd[600]: xxx.xxx.xxx.78 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:21:01 oak proftpd[601]: xxx.xxx.xxx.88 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:21:01 oak proftpd[602]: xxx.xxx.xxx.89 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:21:01 oak proftpd[603]: xxx.xxx.xxx.93 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:21:01 oak proftpd[605]: xxx.xxx.xxx.103 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:21:01 oak proftpd[604]: xxx.xxx.xxx.94 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:21:01 oak proftpd[606]: xxx.xxx.xxx.108 (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 21 16:21:08 oak proftpd[626]: xxx.xxx.xxx.xxx (colo29.traci.net[216.242.235.62]) - FTP session closed.
Feb 22 13:58:04 oak proftpd[21815]: xxx.xxx.xxx.xxx (pD9005C92.dip.t-dialin.net[217.0.92.146]) - no such user 'anonymous'
Feb 22 13:58:05 oak proftpd[21815]: xxx.xxx.xxx.xxx (pD9005C92.dip.t-dialin.net[217.0.92.146]) - USER anonymous (Login failed):
Can't find user.
Feb 22 13:58:05 oak proftpd[21815]: xxx.xxx.xxx.xxx (pD9005C92.dip.t-dialin.net[217.0.92.146]) - FTP session closed.
Feb 23 04:49:45 oak proftpd[26171]: xxx.xxx.xxx.93 (route-64-129-255-136.telocity.com[64.129.255.136]) - FTP session closed.
Feb 23 04:49:45 oak proftpd[26172]: xxx.xxx.xxx.94 (route-64-129-255-136.telocity.com[64.129.255.136]) - FTP session closed.
Feb 23 04:49:46 oak proftpd[26173]: xxx.xxx.xxx.103 (route-64-129-255-136.telocity.com[64.129.255.136]) - FTP session closed.
Feb 23 04:49:46 oak proftpd[26174]: xxx.xxx.xxx.108 (route-64-129-255-136.telocity.com[64.129.255.136]) - FTP session closed.
Feb 23 04:49:48 oak proftpd[26176]: xxx.xxx.xxx.66 (route-64-129-255-136.telocity.com[64.129.255.136]) - FTP session closed.
Feb 23 04:49:48 oak proftpd[26177]: xxx.xxx.xxx.70 (route-64-129-255-136.telocity.com[64.129.255.136]) - FTP session closed.
Feb 23 04:49:48 oak proftpd[26178]: xxx.xxx.xxx.78 (route-64-129-255-136.telocity.com[64.129.255.136]) - FTP session closed.
Feb 23 04:49:48 oak proftpd[26182]: xxx.xxx.xxx.88 (route-64-129-255-136.telocity.com[64.129.255.136]) - FTP session closed.
Feb 23 04:49:48 oak proftpd[26183]: xxx.xxx.xxx.89 (route-64-129-255-136.telocity.com[64.129.255.136]) - FTP session closed.
Feb 23 04:49:48 oak proftpd[26200]: xxx.xxx.xxx.77 (route-64-129-255-136.telocity.com[64.129.255.136]) - FTP session closed.
Feb 23 04:50:03 oak proftpd[26204]: (route-64-129-255-136.telocity.com[64.129.255.136]) - FTP session closed.
Feb 25 02:02:20 oak proftpd[12298]: xxx.xxx.xxx.66 (216-207-105-11.hsacorp.net[216.207.105.11]) - FTP session closed.
Feb 25 02:02:21 oak proftpd[12299]: xxx.xxx.xxx.70 (216-207-105-11.hsacorp.net[216.207.105.11]) - FTP session closed.
Feb 25 02:02:21 oak proftpd[12300]: xxx.xxx.xxx.77 (216-207-105-11.hsacorp.net[216.207.105.11]) - FTP session closed.
Feb 25 02:02:21 oak proftpd[12301]: xxx.xxx.xxx.78 (216-207-105-11.hsacorp.net[216.207.105.11]) - FTP session closed.
Feb 25 02:02:29 oak proftpd[12302]: xxx.xxx.xxx.88 (216-207-105-11.hsacorp.net[216.207.105.11]) - FTP session closed.
Feb 25 02:02:30 oak proftpd[12304]: xxx.xxx.xxx.93 (216-207-105-11.hsacorp.net[216.207.105.11]) - FTP session closed.
Feb 25 02:02:30 oak proftpd[12303]: xxx.xxx.xxx.89 (216-207-105-11.hsacorp.net[216.207.105.11]) - FTP session closed.
Feb 25 02:02:30 oak proftpd[12305]: xxx.xxx.xxx.94 (216-207-105-11.hsacorp.net[216.207.105.11]) - FTP session closed.
Feb 25 02:02:31 oak proftpd[12306]: xxx.xxx.xxx.103 (216-207-105-11.hsacorp.net[216.207.105.11]) - FTP session closed.
Feb 25 02:02:33 oak proftpd[12307]: xxx.xxx.xxx.108 (216-207-105-11.hsacorp.net[216.207.105.11]) - FTP session closed.
Feb 25 02:07:13 oak proftpd[12516]: xxx.xxx.xxx.108(216-207-105-11.hsacorp.net[216.207.105.11]) - FTP session closed.
Feb 26 03:22:24 oak proftpd[9820]: xxx.xxx.xxx.78 (ipvpn071201.netvigator.com[203.198.160.201]) - FTP session closed.
Feb 26 03:22:24 oak proftpd[9821]: xxx.xxx.xxx.88 (ipvpn071201.netvigator.com[203.198.160.201]) - FTP session closed.
Feb 26 03:22:24 oak proftpd[9822]: xxx.xxx.xxx.89 (ipvpn071201.netvigator.com[203.198.160.201]) - FTP session closed.
Feb 26 03:22:24 oak proftpd[9823]: xxx.xxx.xxx.93 (ipvpn071201.netvigator.com[203.198.160.201]) - FTP session closed.
Feb 26 03:22:25 oak proftpd[9824]: xxx.xxx.xxx.94 (ipvpn071201.netvigator.com[203.198.160.201]) - FTP session closed.
Feb 26 03:22:25 oak proftpd[9825]: xxx.xxx.xxx.103 (ipvpn071201.netvigator.com[203.198.160.201]) - FTP session closed.
Feb 26 03:22:25 oak proftpd[9826]: xxx.xxx.xxx.108 (ipvpn071201.netvigator.com[203.198.160.201]) - FTP session closed.
Feb 26 03:22:43 oak proftpd[9846]: xxx.xxx.xxx.xxx (ipvpn071201.netvigator.com[203.198.160.201]) - FTP session closed.