Re: Hacker seems to know FTP usernames
From: Jeff Cochran (jcochran.nospam_at_naplesgov.com)
Date: 02/26/04
- Previous message: Jeff Cochran: "Re: URLScan and SQL Injection"
- In reply to: Struggling sys admin: "Hacker seems to know FTP usernames"
- Next in thread: Ash Sysadmin: "Re: Hacker seems to know FTP usernames"
- Reply: Ash Sysadmin: "Re: Hacker seems to know FTP usernames"
- Reply: Ash Sysadmin: "Re: Hacker seems to know FTP usernames"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Feb 2004 17:08:37 GMT
On Thu, 26 Feb 2004 07:56:21 -0800, "Struggling sys admin"
<logica111@hotmail.com> wrote:
>We have an old NT4 server with a few hosted sites on. Im
>seeing in the security logs that someone is trying to log
>in (and failing so far) with existing FTP usernames. They
>havent figured the passwords yet so authentication fails.
>So somewhere, someone is able to get a list of ftp
>usernames on that box and im guessing it wont be long
>before we start seeing sites changed. How is that
>happening??
Maybe grabbed the SAM if you haven't secured it. Or maybe the
accounts are way too obvious, like the FTP account for the sample.com
domain being "sample".
At any rate, block the attacking IP range in your firewall. Or
better, only allow those IP's that need access to come in.
Jeff
- Previous message: Jeff Cochran: "Re: URLScan and SQL Injection"
- In reply to: Struggling sys admin: "Hacker seems to know FTP usernames"
- Next in thread: Ash Sysadmin: "Re: Hacker seems to know FTP usernames"
- Reply: Ash Sysadmin: "Re: Hacker seems to know FTP usernames"
- Reply: Ash Sysadmin: "Re: Hacker seems to know FTP usernames"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
