[SLUG] OK it's my fault - Help I've been hacked

From: Mike Manchester (mchester@yahoo.com)
Date: Mon Aug 27 2001 - 15:49:56 EDT


OK it's my fault. I was playing around with anonymous ftp and forgot to kill ftp when I
was done. This morning I noticed I had a lot of activity on my hub and my son was at work.
So I knew it was him. So looking at my logs I found this.
Sun Aug 26 22:10:42 2001 201 acaen-101-1-3-7.abo.wanadoo.fr 3223552 /data/anonymous/COM1_/SCAN/TAGG/UP/BY/PuppetMaster/Le_pactes_des_Loups_/CD1/le_pacte_des_loup_part1_(divx4.0_2_pass__AC3).00.r41 b _ i g ftp ftp 0 * c

So I promptly stopped ftp and removed the above dir. Note it wouldn't let me remove the COM1_
dir, so I deleted the whole tree /data/anonymous.

Now my question is, since ftp is no longer running and I've removed the anonymous dir, why
does my log now show this? The time is at least 2 hours after I shut off the anonymous
access.
Mon Aug 27 12:10:15 2001 56 acaen-101-1-3-7.abo.wanadoo.fr 906840 /data/anonymous/COM1_/SCAN/TAGG/UP/BY/PuppetMaster/Le_pactes_des_Loups_/CD2/le_pacte_des_loup_part2_(divx4.0_2_pass__AC3).00.r00 b _ i g ftp ftp 0 * c

How can they still be transferring files that no longer exist on my system? Well, at least they
aren't in the /data/anonymous dir tree.

If I try to ftp to my machine using anonymous I receive this message:

530 Can't set guest privileges.
Login failed.

Which I would expect, as I removed the anonymous ftp userid. So how can
these script kiddies still be getting in?

And what's a good program to use to find this kind of stuff? I'm not sure how long this
would have gone on if I hadn't noticed my hub lights working so hard.

Thanks
Mike M.

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

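As an added example (not part of Mike's post or of any ftp server's own tooling), here is a small Python script that parses xferlog-style transfer records like the two quoted above and answers the "what's a good program to find this kind of stuff" question in the simplest way: it flags every upload made through an anonymous or guest account and totals bytes in and out per remote host. The field layout assumed is the 18-field xferlog(5) format used by wu-ftpd and compatible servers (date, transfer time, remote host, size, path, transfer type, special-action flag, direction, access mode, user, service, auth method, auth user, completion status). The sample input embeds Mike's two records plus two constructed records (an anonymous download and a real-user upload) for contrast; the hostnames and paths in the constructed records are made up.

```python
"""Parse xferlog-style ftp transfer records and flag anonymous uploads.

Added example. Assumes the 18-field xferlog(5) layout (wu-ftpd and
compatible servers); xferlog replaces spaces in filenames with '_',
so splitting on whitespace is safe.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log. The first two records are the ones quoted in the
# post; the last two are made up to show a normal anonymous download and a
# real-user upload (hypothetical hosts/paths).
SAMPLE_XFERLOG = """\
Sun Aug 26 22:10:42 2001 201 acaen-101-1-3-7.abo.wanadoo.fr 3223552 /data/anonymous/COM1_/SCAN/TAGG/UP/BY/PuppetMaster/Le_pactes_des_Loups_/CD1/le_pacte_des_loup_part1_(divx4.0_2_pass__AC3).00.r41 b _ i g ftp ftp 0 * c
Mon Aug 27 12:10:15 2001 56 acaen-101-1-3-7.abo.wanadoo.fr 906840 /data/anonymous/COM1_/SCAN/TAGG/UP/BY/PuppetMaster/Le_pactes_des_Loups_/CD2/le_pacte_des_loup_part2_(divx4.0_2_pass__AC3).00.r00 b _ i g ftp ftp 0 * c
Mon Aug 27 09:01:03 2001 2 host.example.net 1024 /data/anonymous/pub/README a _ o g ftp ftp 0 * c
Mon Aug 27 10:30:00 2001 4 desk.example.lan 20480 /home/mike/notes.txt b _ i r mike ftp 0 * c
"""

# Meaning of the single-letter xferlog fields.
DIRECTION = {"i": "incoming (upload to server)", "o": "outgoing (download)", "d": "deleted"}
ACCESS_MODE = {"a": "anonymous", "g": "guest", "r": "real"}
ANON_MODES = ("a", "g")  # both mean an unauthenticated client wrote/read


@dataclass
class Transfer:
    when: datetime
    seconds: int
    host: str
    size: int
    path: str
    transfer_type: str   # a = ascii, b = binary
    special: str         # _ none, C compressed, U uncompressed, T tar
    direction: str       # i = upload, o = download, d = delete
    access_mode: str     # a = anonymous, g = guest, r = real user
    user: str
    service: str
    auth_method: str
    auth_user: str
    complete: bool       # completion status 'c' (complete) vs 'i' (incomplete)


def parse_xferlog_line(line):
    """Split one xferlog record into a Transfer; raise on malformed lines."""
    parts = line.split()
    if len(parts) != 18:
        raise ValueError(f"expected 18 fields, got {len(parts)}: {line!r}")
    when = datetime.strptime(" ".join(parts[0:5]), "%a %b %d %H:%M:%S %Y")
    return Transfer(
        when, int(parts[5]), parts[6], int(parts[7]), parts[8],
        parts[9], parts[10], parts[11], parts[12], parts[13],
        parts[14], parts[15], parts[16], parts[17] == "c",
    )


def parse_xferlog(text):
    """Parse a whole log, skipping blank lines."""
    return [parse_xferlog_line(ln) for ln in text.splitlines() if ln.strip()]


def anonymous_uploads(transfers):
    """Incoming transfers by anonymous/guest users: a writable anonymous area in use."""
    return [t for t in transfers if t.direction == "i" and t.access_mode in ANON_MODES]


def bytes_by_host(transfers):
    """Total bytes uploaded ('in') and downloaded ('out') per remote host."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for t in transfers:
        totals[t.host]["in" if t.direction == "i" else "out"] += t.size
    return dict(totals)


def describe(t):
    return (f"{t.when:%Y-%m-%d %H:%M:%S} {t.host} "
            f"{DIRECTION.get(t.direction, t.direction)} {t.size} bytes as "
            f"{ACCESS_MODE.get(t.access_mode, t.access_mode)} user {t.user!r}: {t.path}")


if __name__ == "__main__":
    records = parse_xferlog(SAMPLE_XFERLOG)
    for t in anonymous_uploads(records):
        print("ALERT anonymous upload:", describe(t))
    for host, totals in sorted(bytes_by_host(records).items()):
        print(f"{host}: {totals['in']} bytes in, {totals['out']} bytes out")
```

Run against a real xferlog (`python3 xferlog_check.py < /var/log/xferlog`, after swapping the embedded sample for stdin), any record with direction `i` and access mode `a` or `g` is the thing to look for: a writable anonymous directory is exactly what a warez group wants, and the per-host totals make a single remote host pushing megabytes stand out without watching the hub lights.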


This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:08:24 EDT