Hacked@!!@!!

Charles Morin Thu, 05 Jul 2001 09:59:48 -0700
I just discovered that someone has hacked into our webserver through FTP and
has been using our server for storage of pornsite stuff among other things.
Below is the first logfile that appears to be the first attempt. I am not
sure how they got around security on the Firewall and the Server but there
are also directories that cannot be deleted and display nofile info. This is
a NT4 server running IIS 4.0

If anyone has seen this before that can fill me in on who might have done
this and how I can delete the directory titled NiGHtWaR   I would definitely
appreciate it.

08:24:02 172.16.2.251 [1]USER anonymous 331
08:24:02 172.16.2.251 [1]PASS [EMAIL PROTECTED] 230
08:47:11 172.16.2.251 [2]USER anonymous 331
08:47:11 172.16.2.251 [2]PASS [EMAIL PROTECTED] 230
08:47:55 172.16.2.251 [2]created Tagged 226
08:48:26 172.16.2.251 [2]created Tagged 226
08:50:21 172.16.2.251 [2]ABORT - 226
08:50:21 172.16.2.251 [2]sent /_vti_pvt/_vti_cnf/Tagged 426
08:50:44 172.16.2.251 [2]QUIT - 426
12:49:56 172.16.2.251 [3]USER anonymous 331
12:49:56 172.16.2.251 [3]PASS [EMAIL PROTECTED] 230
14:07:42 172.16.2.251 [4]USER anonymous 331
14:07:42 172.16.2.251 [4]PASS [EMAIL PROTECTED] 230
14:08:19 172.16.2.251 [4]sent /upload/TAGGED+.txt 550
14:08:21 172.16.2.251 [4]created TAGGED+.txt 226
14:23:01 172.16.2.251 [4]QUIT - 257
14:23:13 172.16.2.251 [5]USER anonymous 331
14:23:13 172.16.2.251 [5]PASS [EMAIL PROTECTED] 230
14:25:03 172.16.2.251 [5]sent
/upload/.Tagged+RoccoBoard+Team/COM1/1/1mb.test 550

Thank You,
Charles Morin
Director Information Technology
New Horizons Computer Learning Centers
[EMAIL PROTECTED]
ph:805.496.9690
fx:805.496.9780



This email and any files transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they are
addressed.  This communication may contain material protected by the
attorney-client privilege.  If you are not the intended recipient or the
person responsible for delivering the e-mail to the intended recipient, be
advised that you have received this e-mail in error and that any use,
dissemination, forwarding, bringing or copying of this email is strictly
prohibited.  If you have received this e-mail in error; please immediately
notify New Horizons front desk by telephone at 1-805-496-9690.  You will be
reimbursed for reasonable costs incurred in notifying us.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
Hacked@!!@!!

Reply via email to
