Author Topic: My FTP is getting hacked each day ! (Read 5237 times)

Spacedust · « **on:** 2013-05-08, 01:55:49 »

What's this Mustafa !!! I've created a test domain with just phpinfo.php file on it.

188.138.112.23 - admin2 [06/May/2013:17:58:02 +0200] "PUT /home/admin2/test.domain.pl/j3CQRFYD.gif" 200 10
188.138.112.23 - admin2 [06/May/2013:17:59:08 +0200] "PUT /home/admin2/test.domain.pl/php.php" 200 27
188.138.112.23 - admin2 [06/May/2013:17:59:15 +0200] "PUT /home/admin2/test.domain.pl/php.php" 200 105936
82.165.150.42 - admin2 [06/May/2013:22:54:12 +0200] "PUT /home/admin2/test.domain.pl/xw7WN9cR.gif" 200 10
82.165.150.42 - admin2 [06/May/2013:22:55:21 +0200] "PUT /home/admin2/test.domain.pl/php.php" 200 105936
82.165.150.42 - admin2 [06/May/2013:22:55:36 +0200] "GET /home/admin2/test.domain.pl/.htaccess" 200 1585
82.165.150.42 - admin2 [06/May/2013:22:55:36 +0200] "PUT /home/admin2/test.domain.pl/.htaccess" 200 3247
82.165.150.42 - admin2 [06/May/2013:22:55:37 +0200] "GET /home/admin2/test.domain.pl/.htaccess" 200 3298
82.165.150.42 - admin2 [06/May/2013:22:55:37 +0200] "PUT /home/admin2/test.domain.pl/.htaccess" 200 3247
188.138.112.23 - admin2 [06/May/2013:23:26:56 +0200] "PUT /home/admin2/test.domain.pl/GrvwJTBq.gif" 200 10
188.138.112.23 - admin2 [06/May/2013:23:28:03 +0200] "PUT /home/admin2/test.domain.pl/php.php" 200 105936
62.149.195.237 - admin2 [06/May/2013:23:28:32 +0200] "PUT /home/admin2/test.domain.pl/YjkXnxZd.gif" 200 10
62.149.195.237 - admin2 [06/May/2013:23:29:38 +0200] "PUT /home/admin2/test.domain.pl/box.php" 200 27
62.149.195.237 - admin2 [06/May/2013:23:29:40 +0200] "PUT /home/admin2/test.domain.pl/box.php" 200 105936

Inside there is something strange - professionally written virus that steal passwords, databases etc. !

MRatWork · « **Reply #1 on:** 2013-05-08, 03:15:34 »

Read http://xavsec.blogspot.com/2006_09_01_archive.html

Spacedust · « **Reply #2 on:** 2013-05-08, 18:26:11 »

How to protect ?

MRatWork · « **Reply #3 on:** 2013-05-08, 19:17:43 »

Try disable anonymous ftp and change ftp password.

Spacedust · « **Reply #4 on:** 2013-05-08, 19:23:47 »

Quote from: "MRatWork"

Try disable anonymous ftp and change ftp password.

Anonymous FTP is already disabled. Changing FTP password does not help.

MRatWork · « **Reply #5 on:** 2013-05-08, 19:55:25 »

What about rkhunter log?. If your system have backdoor, ftp is not importance.

Spacedust · « **Reply #6 on:** 2013-05-08, 20:07:06 »

Quote from: "MRatWork"

What about rkhunter log?. If your system have backdoor, ftp is not importance.

No backdoors :/

Spacedust · « **Reply #7 on:** 2013-05-08, 20:44:18 »

I wrote a script so I will get e-mail if a different IP than mine logs on my FTP accounts

MRatWork · « **Reply #8 on:** 2013-05-08, 22:29:18 »

I am not sure this issue related to with pure-ftpd (as ftp server). As I know no report about pure-ftp vulnerability.

But, please googling about pure-ftp vulnerability.

Spacedust · « **Reply #9 on:** 2013-05-08, 23:11:43 »

Quote from: "MRatWork"

I am not sure this issue related to with pure-ftpd (as ftp server). As I know no report about pure-ftp vulnerability.

But, please googling about pure-ftp vulnerability.

I will monitor this and keep you informed.

Author Topic: My FTP is getting hacked each day ! (Read 5237 times)

Spacedust

My FTP is getting hacked each day !

MRatWork

Re: My FTP is getting hacked each day !

Spacedust

Re: My FTP is getting hacked each day !

MRatWork

Re: My FTP is getting hacked each day !

Spacedust

Re: My FTP is getting hacked each day !

MRatWork

Re: My FTP is getting hacked each day !

Spacedust

Re: My FTP is getting hacked each day !

Spacedust

Re: My FTP is getting hacked each day !

MRatWork

Re: My FTP is getting hacked each day !

Spacedust

Re: My FTP is getting hacked each day !