Hackers Part 2
Well apparently they think they can still get in. hahahaha!
Here is one attempt:
21:25:55 220.127.116.11 USER anonymous 331
21:25:55 18.104.22.168 PASS Ugpuser@home.com 230
21:25:55 22.214.171.124 MKD 031025232433p 550
21:26:00 126.96.36.199 MKD 031025232438p 550
21:26:00 188.8.131.52 MKD 031025232439p 550
And another, this one is a bit more specific. I wonder who 'AK' is?:
17:36:57 184.108.40.206 USER anonymous 331
17:36:57 220.127.116.11 PASS ANONYMOUS@ON.THE.NET 230
17:37:13 18.104.22.168 MKD /com1.aux.lptr.lock++#####++tag+++++for++++++++ak+++++/+ 550
17:37:38 22.214.171.124 QUIT - 226
I don't get it...:
23:56:09 126.96.36.199 USER anonymous 331
23:56:09 188.8.131.52 PASS Pgpuser@home.com 230
23:56:11 184.108.40.206 MKD 031028005455p 550
Only four attempts since I locked things down. Not too bad.
06:43:25 220.127.116.11 USER anonymous 331
06:43:25 18.104.22.168 PASS Xgpuser@home.com 230
06:43:27 22.214.171.124 MKD 031028014211p 550
Ok after a little research I've discovered the "email@example.com" user password is generated via the application called Grim's Ping. It's basically an application that port scans for FTP server with annoymous upload enabled. Technically it's not a hacker tool because there could be legitimate free public FTP servers, but really I can't see that being a reality. The reality is that it searches for misconfigured FTP servers. Once a user finds an open FTP server, you can bet it'll be used for warez, as mine was.
So that means really only the user at IP 126.96.36.199 really made a personal effort to connect to my FTP server. The others just used a free app. I suspect Mr./Ms. 81 actually used a similar application previously and simply had not realized I locked the FTP server down yet.
For the fun of it, here is where these lUsers came from:
IP: 188.8.131.52, ISP: Deutsche Telekom AG, Country: Germany, City: Unknown. The user is on dial-up
IP: 184.108.40.206, ISP: Retevision SA, Country: Spain, City: Madrid Not 100% certain about city
IP: 220.127.116.11, ISP: T-Online France - Club Internet, Country: France, City: Lost after Paris Sprint ISP
IP: 18.104.22.168, ISP: Bell Canada, Country: Canada, City: Toronto
Well that was fun. Time for bed. Night night.