Hackers Part 2
Well apparently they think they can still get in. hahahaha!
Here is one attempt:
21:25:55 217.82.245.135 [20]USER anonymous 331
21:25:55 217.82.245.135 [20]PASS Ugpuser@home.com 230
21:25:55 217.82.245.135 [20]MKD 031025232433p 550
21:26:00 217.82.245.135 [20]MKD 031025232438p 550
21:26:00 217.82.245.135 [20]MKD 031025232439p 550
And another, this one is a bit more specific. I wonder who 'AK' is?:
17:36:57 81.60.105.239 [25]USER anonymous 331
17:36:57 81.60.105.239 [25]PASS ANONYMOUS@ON.THE.NET 230
17:37:13 81.60.105.239 [25]MKD /com1.aux.lptr.lock++#####++tag+++++for++++++++ak+++++/+ 550
17:37:38 81.60.105.239 [25]QUIT - 226
I don't get it...:
23:56:09 212.194.141.155 [39]USER anonymous 331
23:56:09 212.194.141.155 [39]PASS Pgpuser@home.com 230
23:56:11 212.194.141.155 [39]MKD 031028005455p 550
Only four attempts since I locked things down. Not too bad.
06:43:25 67.68.198.22 [40]USER anonymous 331
06:43:25 67.68.198.22 [40]PASS Xgpuser@home.com 230
06:43:27 67.68.198.22 [40]MKD 031028014211p 550
Ok after a little research I've discovered the "_gpuser@home.com" user password is generated via the application called Grim's Ping. It's basically an application that port scans for FTP server with annoymous upload enabled. Technically it's not a hacker tool because there could be legitimate free public FTP servers, but really I can't see that being a reality. The reality is that it searches for misconfigured FTP servers. Once a user finds an open FTP server, you can bet it'll be used for warez, as mine was.
So that means really only the user at IP 81.60.105.239 really made a personal effort to connect to my FTP server. The others just used a free app. I suspect Mr./Ms. 81 actually used a similar application previously and simply had not realized I locked the FTP server down yet.
For the fun of it, here is where these lUsers came from:
IP: 217.82.245.135, ISP: Deutsche Telekom AG, Country: Germany, City: Unknown. The user is on dial-up
IP: 81.60.105.239, ISP: Retevision SA, Country: Spain, City: Madrid Not 100% certain about city
IP: 212.194.141.155, ISP: T-Online France - Club Internet, Country: France, City: Lost after Paris Sprint ISP
IP: 67.68.198.22, ISP: Bell Canada, Country: Canada, City: Toronto
Well that was fun. Time for bed. Night night.
No comments:
Post a Comment