I've recently been working on getting an ftp site up. It's mostly a learning experience, but I was checking the logs today, and had a rather amusing anonymous login. The person tried to get to several different directories that didn't exist on my system such as /incoming, /anonymous/incoming, /_vti_cnf, /home /ftproot, /wwwroot and so on. Most look like windows http directories. Total time on the system was about 20 seconds or so. Was this someone trying to hack/upload via a script? TIA Mike -- Powered by SuSE 8.1 Kernel 2.4.19 KDE 3.1.1 Kmail 1.5.1 For SuSE Mondo/Mindi backup support go to http://www.mikenjane.net/~mike 10:02am up 7 days, 13:05, 6 users, load average: 1.80, 1.92, 1.91
On Sunday 27 April 2003 03:02, Mike wrote:
I've recently been working on getting an ftp site up. It's mostly a learning experience, but I was checking the logs today, and had a rather amusing anonymous login. The person tried to get to several different directories that didn't exist on my system such as /incoming, /anonymous/incoming, /_vti_cnf, /home /ftproot, /wwwroot and so on. Most look like windows http directories. Total time on the system was about 20 seconds or so. Was this someone trying to hack/upload via a script?
TIA Mike
This was most likely an automated script or binary. You are right; these are the default directories for a windows machine. I'd lock down the ftp if you are worried about it. Don't use anonymous capabilities of the ftp daemon. However, i wouldn't worry to much about them "hacking" you. Obviously, this person isn't too knowledgable trying to exploit a *NIX node using Windows specific directories. ;) -- Thomas Jones Linux-Howtos Administrator
participants (2)
-
Mike
-
Thomas Jones