Dynaverse.net
Off Topic => Ten Forward => Topic started by: manitoba1073 on March 05, 2005, 01:09:11 am
-
i believe it is NOT someone from the community. but the ip address is 172.206.1.106 so thats the ip of the person. just so everyone knows the file created was called i 90285. next time i find something i will be talkin to a friend of mine to have a suprise there for the ppl responible. so i u ever open the folders of unknown in the site be very very wary and only open and D/L stuff from known members of the community. so plz dont think i am yelling at anyone here as again i DO NOT beleive anyone in our great community would do something like that. so plzz as a precaution watch the folders carefully. as it is a community wide folder. and for everyone's benefit. thank you all for ur time. and i will be posting it in our other forums too
PS not sure if its condoned here, but as i am sure there are a few ppl with the talents. and i really dont wont to resort to an old friend yet, see what they can do. or leave me advise here. cause my friend can get carried away with things.
-
So if I understand, someone has put a file up on your site and using your bandwidth to host it?
-
well kinda of more than that. what they tried to do is a multi folder way of hosting what ever they want with out permission or consent, and tried to prevent it from being deleted,http://archives.neohapsis.com/archives/sf/ms/2001-q2/att-1116/01-THE-END-OF-DELETERS-v2.1.txt
heres what they were trying to do in a nut shell
-
Just read that document.
While the intent of the document may be wrong... i have to admit that its pretty clever.
Out of curiosity, how did you know this was happening?
-
Just read that document.
While the intent of the document may be wrong... i have to admit that its pretty clever.
Out of curiosity, how did you know this was happening?
And how did they know his FTP password?
As for how he knew, he pro'ly reads his cite logs unlike so many other site owners.
Jerry
-
Sounds like a good place to add your own trojan.
-
No member here has posted with that IP address.
It is an AOL account (probably dial-up).
Note the details, date and time of the attack and send your concerns here: abuse@aol.net
I'd simply reccomend against running a public ftp folder, there are plenty of other more secure solutions.
(things like http://www.webfilebrowser.org/ )
Hope you get it sorted out and get that file deleted. If your ftp is infected please do not link it here in the meantime, thanks.
-
yeap got it taken care of for now. long process but its cleaned. as for finding it, i chk everyday. lol. logs and for new files. i have the access set to anynomus for this communtiy. so right now there current isnt a password required. so all i have to do is keep an eye on it. as thats all ppl can do is add files not change anything outside the ftp site.
-
It's not all that hard, look people do port scans of addresses...port 21 is usually whats used for FTP. When they get responses on that port, they see how secure the FTP server is. If you have limited or no security...
Then bam, they use it for warez.