  #1 (permalink)  
Old 09-18-2006, 11:59 PM
Rick Merrill
Guest
 
Posts: n/a
Default FTP hacker

Do you think this is the guy who tried to get into my
FTP server?



Jay Schuster
Address:PO Box 422, Richmond, VT 05446
Phone:(802) 434-6609


http://www.fundrace.org/neighbors.ph...Search+by+Name




09/17/06 19:00:48 whois 75.10.91.73@whois.arin.net

whois -h whois.arin.net 75.10.91.73 ...
SBC Internet Services SBCIS-SBIS-6BLK (NET-75-0-0-0-1)
75.0.0.0 - 75.63.255.255
JAMES SCHUSTER ATTORNEY-060408021914 SBC07501009107229060408021942
(NET-75-10-91-72-1)
75.10.91.72 - 75.10.91.79

# ARIN WHOIS database, last updated 2006-09-16 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.



Aug 31 14:01:00 ImageServer905 /USR/SBIN/CRON[17520]: (root) CMD (
/var/cron/scripts/rotate_logs)
Aug 31 14:05:16 ImageServer905 proftpd[17606]: Proxy Initialized.
Aug 31 14:05:16 ImageServer905 proftpd[17606]: (ProxyEnable) Directive
Assigned (off).
Aug 31 14:05:16 ImageServer905 proftpd[17606]: (ProxyEnable) Directive
Assigned (on).
Aug 31 14:05:16 ImageServer905 proftpd[17606]: (ProxyControlPort)
Directive Assigned (36000).
Aug 31 14:05:16 ImageServer905 proftpd[17606]: (ProxyDataPort)
Directive Assigned (36036).
Aug 31 14:05:16 ImageServer905 proftpd[17606]: (ProxyHost) Directive
Assigned (127.0.0.1).
Aug 31 14:05:16 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Proxy Session Initialized.
Aug 31 14:05:16 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - FTP session opened.
Aug 31 14:05:16 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (USER:anonymous) seen by
procesor
Aug 31 14:05:16 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (PASS:Qgpuser@home.com)
seen by procesor
Aug 31 14:05:16 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - no such group 'ftp'
Aug 31 14:05:16 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - ANON anonymous: Login successful.
Aug 31 14:05:16 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Preparing to chroot() the environment,
path = '/data'
Aug 31 14:05:16 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Environment successfully chroot()ed.
Aug 31 14:05:16 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/) seen by procesor
Aug 31 14:05:16 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - sendCmd: CWD /
Aug 31 14:05:16 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - openFifos
Aug 31 14:05:16 ImageServer905 transfer: new ftp session: pid=17606
Aug 31 14:05:17 ImageServer905 transfer: FTP Cmd: CWD /
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Handshake response=502: Proxy Command
Declined
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/) redirected by
procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (MKD:060831140355p) seen
by procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - sendCmd: MKD 060831140355p
Aug 31 14:05:17 ImageServer905 transfer: FTP Cmd: MKD 060831140355p
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Handshake response=502: Proxy Command
Declined
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (MKD:060831140355p)
redirected by procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/pub/) seen by
procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - sendCmd: CWD /pub/
Aug 31 14:05:17 ImageServer905 transfer: FTP Cmd: CWD /pub/
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Handshake response=502: Proxy Command
Declined
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/pub/) redirected by
procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/public/) seen by
procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - sendCmd: CWD /public/
Aug 31 14:05:17 ImageServer905 transfer: FTP Cmd: CWD /public/
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Handshake response=502: Proxy Command
Declined
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/public/) redirected
by procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/_vti_pvt/) seen by
procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - sendCmd: CWD /_vti_pvt/
Aug 31 14:05:17 ImageServer905 transfer: FTP Cmd: CWD /_vti_pvt/
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Handshake response=502: Proxy Command
Declined
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/_vti_pvt/)
redirected by procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/_vti_txt/) seen by
procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - sendCmd: CWD /_vti_txt/
Aug 31 14:05:17 ImageServer905 transfer: FTP Cmd: CWD /_vti_txt/
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Handshake response=502: Proxy Command
Declined
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/_vti_txt/)
redirected by procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/_vti_cfg/) seen by
procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - sendCmd: CWD /_vti_cfg/
Aug 31 14:05:17 ImageServer905 transfer: FTP Cmd: CWD /_vti_cfg/
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Handshake response=502: Proxy Command
Declined
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/_vti_cfg/)
redirected by procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/_vti_log/) seen by
procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - sendCmd: CWD /_vti_log/
Aug 31 14:05:17 ImageServer905 transfer: FTP Cmd: CWD /_vti_log/
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Handshake response=502: Proxy Command
Declined
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - SIMPLE COMMAND (CWD:/_vti_log/)
redirected by procesor
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - Proxy Terminated.
Aug 31 14:05:17 ImageServer905 proftpd[17606]: ImageServer905
(75.10.91.73[75.10.91.73]) - FTP session closed.
Aug 31 14:05:17 ImageServer905 transfer: socket closed; port=10014
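
Added example, not part of the original post: a per-session summary of the proftpd entries above, showing what a defender can read from them (anonymous login, one write attempt, a fixed list of directory probes, all within about a second). The sample lines are constructed from the posted log with wrapped lines rejoined and a documentation-range client IP; the function name, the thresholds and the year default are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the posted log: wrapped lines rejoined,
# client address replaced by a documentation-range IP.
_P = " ImageServer905 proftpd[17606]: ImageServer905 (192.0.2.10[192.0.2.10]) - "
SAMPLE_LOG = "\n".join([
    "Aug 31 14:05:16" + _P + "FTP session opened.",
    "Aug 31 14:05:16" + _P + "SIMPLE COMMAND (USER:anonymous) seen by procesor",
    "Aug 31 14:05:16" + _P + "SIMPLE COMMAND (PASS:user@example.com) seen by procesor",
    "Aug 31 14:05:16" + _P + "SIMPLE COMMAND (CWD:/) seen by procesor",
    "Aug 31 14:05:17" + _P + "Handshake response=502: Proxy Command Declined",
    "Aug 31 14:05:17" + _P + "SIMPLE COMMAND (MKD:060831140355p) seen by procesor",
    "Aug 31 14:05:17" + _P + "SIMPLE COMMAND (CWD:/pub/) seen by procesor",
    "Aug 31 14:05:17" + _P + "SIMPLE COMMAND (CWD:/_vti_pvt/) seen by procesor",
    "Aug 31 14:05:17" + _P + "SIMPLE COMMAND (CWD:/_vti_cfg/) seen by procesor",
])

# "procesor" is the spelling this server writes; only "seen by" lines are
# counted so the matching "redirected by" lines are not double-counted.
LINE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ proftpd\[(\d+)\]: \S+ "
    r"\(([\d.]+)\[[\d.]+\]\) - SIMPLE COMMAND \((\w+):(.*)\) seen by")
WRITE_VERBS = {"MKD", "STOR", "DELE", "RMD", "APPE"}

def summarize(log_text, year=2006, min_dirs=3, max_seconds=5):
    """Group commands per (pid, client IP); thresholds are assumptions."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            sessions[(m.group(2), m.group(3))].append((ts, m.group(4), m.group(5)))
    report = {}
    for key, events in sessions.items():
        times = [t for t, _, _ in events]
        seconds = (max(times) - min(times)).total_seconds()
        dirs = sorted({arg for _, verb, arg in events if verb == "CWD"})
        anonymous = any(v == "USER" and a.lower() in ("anonymous", "ftp")
                        for _, v, a in events)
        report[key] = {
            "anonymous": anonymous,
            "write_attempt": any(v in WRITE_VERBS for _, v, _ in events),
            "frontpage_probes": [d for d in dirs if d.startswith("/_vti_")],
            "seconds": seconds,
            "looks_automated": len(dirs) >= min_dirs and seconds <= max_seconds,
        }
    return report
```

A summary like this describes the session only; it says nothing about who was operating the machine at the source address.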

  #2 (permalink)  
Old 09-19-2006, 12:13 AM
David H. Lipman
Guest
 
Posts: n/a
Default Re: FTP hacker

From: "Rick Merrill" <rick0.merrill@NOSPAM.gmail.com>

| Do you think this is the guy who tried to get into my
| FTP server?
|
| Jay Schuster
| Address:PO Box 422, Richmond, VT 05446
| Phone:(802) 434-6609
|
|
http://www.fundrace.org/neighbors.ph...Search+by+Name
|
| 09/17/06 19:00:48 whois 75.10.91.73@whois.arin.net
|
| whois -h whois.arin.net 75.10.91.73 ...
| SBC Internet Services SBCIS-SBIS-6BLK (NET-75-0-0-0-1)
| 75.0.0.0 - 75.63.255.255
| JAMES SCHUSTER ATTORNEY-060408021914 SBC07501009107229060408021942
| (NET-75-10-91-72-1)
| 75.10.91.72 - 75.10.91.79
|

< snip >

How do you connect Plano Texas to Richmond Vermont ?

If it isn't the same person, do you think it was a good idea to post the person's address and
phone number ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



  #3 (permalink)  
Old 09-19-2006, 02:38 AM
Todd H.
Guest
 
Posts: n/a
Default Re: FTP hacker

Rick Merrill <rick0.merrill@NOSPAM.gmail.com> writes:

> Do you think this is the guy who tried to get into my
> FTP server?


An automated attack may have originated from one of the machines with
the IP block owned by him sure.

But could be the bored front office assistant surfing the net with an
unpatched Internet Explorer, or running without the latest Windows
Server update that got owned by a remote exploit, the machine is
infected and the machine is part of a bot net they don't even know
about.

Thousands of such machines on the internet. Not sure I'd be posting
attorney's address information and making accusations like that
without knowing more than you do.

Best Regards,
--
Todd H.
http://www.toddh.net/

  #4 (permalink)  
Old 09-19-2006, 03:55 PM
Rick Merrill
Guest
 
Posts: n/a
Default Re: FTP hacker

Todd H. wrote:
> Rick Merrill <rick0.merrill@NOSPAM.gmail.com> writes:
>
>
>>Do you think this is the guy who tried to get into my
>>FTP server?

>
>
> An automated attack may have originated from one of the machines with
> the IP block owned by him sure.
>
> But could be the bored front office assistant surfing the net with an
> unpatched Internet Explorer, or running without the latest Windows
> Server update that got owned by a remote exploit, the machine is
> infected and the machine is part of a bot net they don't even know
> about.
>
> Thousands of such machines on the internet. Not sure I'd be posting
> attorney's address information and making accusations like that
> without knowing more than you do.
>
> Best Regards,



That's true - let'im sue me ;-)

I have found other people have had the same information.

Thanks for the scenario alternatives.


  #5 (permalink)  
Old 09-19-2006, 10:32 PM
Rick Merrill
Guest
 
Posts: n/a
Default Re: FTP hacker

I contacted the owner of the IP range and
he has taken steps to protect his system from
this exploit.

Thanks for cautioning me that the attorney might
be an innocent, not the hacker, as that was the case.



