It looks like you were initially probed by Grim's Ping. The tool can be
found at http://grimsping.cjb.net/. I ran into it about 7 months ago and set
up a blocker on our FTP site to prevent logins using [EMAIL PROTECTED] The
tool basically searches for writable and readable areas on FTP sites.
Ken McKinlay
613-599-9199 x506
[EMAIL PROTECTED]
> -----Original Message-----
> From: Charles Morin [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 05, 2001 13:05
> To: [EMAIL PROTECTED]
> Subject: Hacked@!!@!!
>
>
> I just discovered that someone has hacked into our webserver through FTP and
> has been using our server for storage of pornsite stuff among other things.
> Below is the first logfile that appears to be the first attempt. I am not
> sure how they got around security on the Firewall and the Server but there
> are also directories that cannot be deleted and display no file info. This is
> an NT4 server running IIS 4.0.
>
> If anyone has seen this before that can fill me in on who might have done
> this and how I can delete the directory titled NiGHtWaR I would definitely
> appreciate it.
>
> 08:24:02 172.16.2.251 [1]USER anonymous 331
> 08:24:02 172.16.2.251 [1]PASS [EMAIL PROTECTED] 230
> 08:47:11 172.16.2.251 [2]USER anonymous 331
> 08:47:11 172.16.2.251 [2]PASS [EMAIL PROTECTED] 230
> 08:47:55 172.16.2.251 [2]created Tagged 226
> 08:48:26 172.16.2.251 [2]created Tagged 226
> 08:50:21 172.16.2.251 [2]ABORT - 226
> 08:50:21 172.16.2.251 [2]sent /_vti_pvt/_vti_cnf/Tagged 426
> 08:50:44 172.16.2.251 [2]QUIT - 426
> 12:49:56 172.16.2.251 [3]USER anonymous 331
> 12:49:56 172.16.2.251 [3]PASS [EMAIL PROTECTED] 230
> 14:07:42 172.16.2.251 [4]USER anonymous 331
> 14:07:42 172.16.2.251 [4]PASS [EMAIL PROTECTED] 230
> 14:08:19 172.16.2.251 [4]sent /upload/TAGGED+.txt 550
> 14:08:21 172.16.2.251 [4]created TAGGED+.txt 226
> 14:23:01 172.16.2.251 [4]QUIT - 257
> 14:23:13 172.16.2.251 [5]USER anonymous 331
> 14:23:13 172.16.2.251 [5]PASS [EMAIL PROTECTED] 230
> 14:25:03 172.16.2.251 [5]sent /upload/.Tagged+RoccoBoard+Team/COM1/1/1mb.test 550
>
> Thank You,
> Charles Morin
> Director Information Technology
> New Horizons Computer Learning Centers
> [EMAIL PROTECTED]
> ph:805.496.9690
> fx:805.496.9780
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
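
Added example, not part of the original messages: a small Python triage script for FTP log lines in the format quoted above. It reports uploads made in anonymous sessions and paths containing Win32 reserved device names such as COM1; the sample lines are constructed after the quoted log with a placeholder password, and the reserved-name list is a Windows property, not something the thread states.

```python
import re

# Win32 reserved device names (a Windows property, not stated in the thread).
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {p + str(n) for p in ("COM", "LPT") for n in range(1, 10)}
# Fields: time, client IP, [session]verb, target, FTP status code.
LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\S+) \[(\d+)\](\S+) (.+) (\d{3})$")

# Constructed sample modelled on the quoted log; the password is a placeholder.
SAMPLE = """\
14:07:42 172.16.2.251 [4]USER anonymous 331
14:07:42 172.16.2.251 [4]PASS guest@example.invalid 230
14:08:21 172.16.2.251 [4]created TAGGED+.txt 226
14:23:13 172.16.2.251 [5]USER anonymous 331
14:23:13 172.16.2.251 [5]PASS guest@example.invalid 230
14:25:03 172.16.2.251 [5]sent /upload/.Tagged+RoccoBoard+Team/COM1/1/1mb.test 550
09:00:00 10.0.0.7 [6]USER alice 331
09:00:01 10.0.0.7 [6]PASS - 230
09:00:05 10.0.0.7 [6]created report.txt 226
"""

def reserved_parts(path):
    """Return path components whose base name is a reserved device name."""
    parts = [p for p in re.split(r"[\\/]", path) if p]
    return [p for p in parts if p.split(".")[0].upper() in RESERVED]

def analyze(text):
    """Return findings as (time, ip, session, kind, target) tuples."""
    user, anon, findings = {}, set(), []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        when, ip, sid, verb, target, status = m.groups()
        key = (ip, sid)
        if verb == "USER":
            user[key] = target.lower()
        elif verb == "PASS" and status == "230" and user.get(key) == "anonymous":
            anon.add(key)  # anonymous login accepted for this session
        elif key in anon:
            if verb == "created" and status == "226":  # upload completed
                findings.append((when, ip, sid, "anonymous-write", target))
            if reserved_parts(target):  # flagged whatever the status code
                findings.append((when, ip, sid, "reserved-name", target))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(*finding)
```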