Saturday, 19. July 2003
When your server ends up a Warez site
When your server ends up a Warez site
Published By: EyeOnSecurity.org Posted By: Benjamin D. Thomas 7/18/2003 17:38
SPONSOR: Free PKI guide from Thawte Management digital certificates with Thawte's Starter PKI Program. Click to learn more!
A week before publishing this paper, I opened an anonymous ftp site on my home machine, expecting a few connections. I also wanted to see what people would do if I gave them write access. Within 3-4 days of my server being up, I got a successful connection from a remote host, which created his own directory named "_kurdt". Later on, I got another connection from a possibly different visitor, who created a different directory name "020612105639p". Checking my ftp logs, I learnt that both processes seem automated: within the same second the user has logged in, created a folder and disconnected from my ftp server. The third scan consisted of testing upload, deletion and ftp/http miss-configuration. These attacks are described in detail on the log files section. [LinuxSecurity.com]
disLEXia, a research project by Maximillian Dornseif
 |  |  | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
disLEXia
incidents
This is category incidents of the disLEXia project. It is also available in machine-readable format, e.g. to use with news aggreators:    |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |  |  | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||