
Chinese trying to hack my FTP...

post #1 of 4
Thread Starter 
For the past week or so, I've been getting logs like this from my FTP server:
(000081)11/7/2013 16:38:04 PM - (not logged in) (61.163.86.26)> Connected, sending welcome message...
(000081)11/7/2013 16:38:04 PM - (not logged in) (61.163.86.26)> 220-FileZilla Server version 0.9.41 beta
(000081)11/7/2013 16:38:04 PM - (not logged in) (61.163.86.26)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000081)11/7/2013 16:38:04 PM - (not logged in) (61.163.86.26)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000081)11/7/2013 16:38:05 PM - (not logged in) (61.163.86.26)> USER Administrator
(000081)11/7/2013 16:38:05 PM - (not logged in) (61.163.86.26)> 331 Password required for administrator
(000081)11/7/2013 16:38:06 PM - (not logged in) (61.163.86.26)> PASS p0s
(000081)11/7/2013 16:38:06 PM - (not logged in) (61.163.86.26)> 530 Login or password incorrect!
(000081)11/7/2013 16:38:06 PM - (not logged in) (61.163.86.26)> USER Administrator
(000081)11/7/2013 16:38:06 PM - (not logged in) (61.163.86.26)> 331 Password required for administrator
(000081)11/7/2013 16:38:06 PM - (not logged in) (61.163.86.26)> PASS P0$
(000081)11/7/2013 16:38:06 PM - (not logged in) (61.163.86.26)> 530 Login or password incorrect!
(000081)11/7/2013 16:38:07 PM - (not logged in) (61.163.86.26)> USER Administrator
(000081)11/7/2013 16:38:07 PM - (not logged in) (61.163.86.26)> 331 Password required for administrator
(000081)11/7/2013 16:38:07 PM - (not logged in) (61.163.86.26)> PASS pos
(000081)11/7/2013 16:38:07 PM - (not logged in) (61.163.86.26)> 530 Login or password incorrect!
(000081)11/7/2013 16:38:07 PM - (not logged in) (61.163.86.26)> USER Administrator
(000081)11/7/2013 16:38:07 PM - (not logged in) (61.163.86.26)> 331 Password required for administrator
(000081)11/7/2013 16:38:08 PM - (not logged in) (61.163.86.26)> PASS pos1
(000081)11/7/2013 16:38:08 PM - (not logged in) (61.163.86.26)> 530 Login or password incorrect!
(000081)11/7/2013 16:38:10 PM - (not logged in) (61.163.86.26)> USER Administrator
(000081)11/7/2013 16:38:10 PM - (not logged in) (61.163.86.26)> 331 Password required for administrator
(000081)11/7/2013 16:38:13 PM - (not logged in) (61.163.86.26)> PASS pos123
(000081)11/7/2013 16:38:13 PM - (not logged in) (61.163.86.26)> 530 Login or password incorrect!
(000081)11/7/2013 16:38:17 PM - (not logged in) (61.163.86.26)> USER Administrator
(000081)11/7/2013 16:38:17 PM - (not logged in) (61.163.86.26)> 331 Password required for administrator
(000081)11/7/2013 16:38:20 PM - (not logged in) (61.163.86.26)> 421 Login time exceeded. Closing control connection.
(000081)11/7/2013 16:38:20 PM - (not logged in) (61.163.86.26)> disconnected.
(000082)11/7/2013 16:38:20 PM - (not logged in) (61.163.86.26)> Connected, sending welcome message...
(000082)11/7/2013 16:38:20 PM - (not logged in) (61.163.86.26)> 220-FileZilla Server version 0.9.41 beta
(000082)11/7/2013 16:38:20 PM - (not logged in) (61.163.86.26)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000082)11/7/2013 16:38:20 PM - (not logged in) (61.163.86.26)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000082)11/7/2013 16:38:21 PM - (not logged in) (61.163.86.26)> USER Administrator
(000082)11/7/2013 16:38:21 PM - (not logged in) (61.163.86.26)> 331 Password required for administrator
(000082)11/7/2013 16:38:21 PM - (not logged in) (61.163.86.26)> PASS admin1
(000082)11/7/2013 16:38:21 PM - (not logged in) (61.163.86.26)> 530 Login or password incorrect!
(000082)11/7/2013 16:38:21 PM - (not logged in) (61.163.86.26)> USER Administrator
(000082)11/7/2013 16:38:21 PM - (not logged in) (61.163.86.26)> 331 Password required for administrator
(000082)11/7/2013 16:38:22 PM - (not logged in) (61.163.86.26)> PASS @dm1n
(000082)11/7/2013 16:38:22 PM - (not logged in) (61.163.86.26)> 530 Login or password incorrect!
(000082)11/7/2013 16:38:22 PM - (not logged in) (61.163.86.26)> USER Administrator
(000082)11/7/2013 16:38:22 PM - (not logged in) (61.163.86.26)> 331 Password required for administrator
(000082)11/7/2013 16:38:22 PM - (not logged in) (61.163.86.26)> PASS @dmin
(000082)11/7/2013 16:38:22 PM - (not logged in) (61.163.86.26)> 530 Login or password incorrect!
(000082)11/7/2013 16:38:23 PM - (not logged in) (61.163.86.26)> USER Administrator
(000082)11/7/2013 16:38:23 PM - (not logged in) (61.163.86.26)> 331 Password required for administrator
(000082)11/7/2013 16:38:24 PM - (not logged in) (61.163.86.26)> PASS adm1n
(000082)11/7/2013 16:38:24 PM - (not logged in) (61.163.86.26)> 530 Login or password incorrect!
(000082)11/7/2013 16:38:26 PM - (not logged in) (61.163.86.26)> USER Administrator
(000082)11/7/2013 16:38:26 PM - (not logged in) (61.163.86.26)> 331 Password required for administrator
(000082)11/7/2013 16:38:28 PM - (not logged in) (61.163.86.26)> PASS admin123
(000082)11/7/2013 16:38:28 PM - (not logged in) (61.163.86.26)> 421 Temporarily banned for too many failed login attempts
(000082)11/7/2013 16:38:28 PM - (not logged in) (61.163.86.26)> disconnected.
Most are from a 61.x.x.x IP. I've added 61.0.0.0/8 to the FTP block list, but is there anything else I should be doing? The "Administrator" account doesn't even exist on my FTP server, and I'm using FTPES with 1024-bit SSL.

I've also got RDP exposed on my IP; should I be worrying about that too?
post #2 of 4
I'd use SFTP instead and move it off of a default port. The default port portion is huge for reducing the frequency of automated 'bot' type attacks that just scan IP ranges all day.

You can also make a block list for IP blocks allocated for nations if you want to reject particular origination traffic.
post #3 of 4
Thread Starter 
Unfortunately my ISP has blocked most all other ports. Is SFTP better than FTPS?
post #4 of 4
People will take a swing at anything. Try using whitelists rather than blacklists where possible; for example, allow all of, say, the US rather than the world. Other things that can help are items such as fail2ban.

The thing which is good to remember is, as long as you manage patches and have strong passwords, you're usually OK.
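Added example, not part of any post in this thread and not fail2ban's own code: a small parser for the FileZilla Server log format quoted in post #1 that flags source IPs with repeated `530` replies inside a sliding time window, which is the kind of rule the tools mentioned in post #4 apply. The names `max_retry` and `find_time`, the month/day reading of the date, and the sample lines (documentation IP ranges) are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# FileZilla Server log line: (session)date time PM - (user) (ip)> message
LINE_RE = re.compile(
    r"^\((?P<session>\d+)\)(?P<date>\d+/\d+/\d+) (?P<time>\d+:\d+:\d+)(?: [AP]M)?"
    r" - \((?P<user>[^)]*)\) \((?P<ip>[0-9a-fA-F.:]+)\)> (?P<msg>.*)$"
)

def parse_line(line):
    """Return (timestamp, ip, message), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The quoted log prints a 24-hour clock followed by "PM"; the suffix is ignored.
    ts = datetime.strptime(m["date"] + " " + m["time"], "%m/%d/%Y %H:%M:%S")
    return ts, m["ip"], m["msg"]

def find_bruteforce(lines, max_retry=5, find_time=timedelta(minutes=10)):
    """Return {ip: time the threshold was crossed} for IPs with at least
    max_retry failed logins (FTP reply 530) inside a sliding find_time window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent 530 replies
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or not parsed[2].startswith("530 "):
            continue
        ts, ip, _ = parsed
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry and ip not in flagged:
            flagged[ip] = ts
    return flagged

# Constructed sample in the log format shown in the thread (documentation IPs).
def _attempt(session, clock, ip, reply):
    prefix = f"({session:06d})11/7/2013 {clock} PM - (not logged in) ({ip})> "
    return [prefix + "USER Administrator", prefix + "PASS x", prefix + reply]

BAD = "530 Login or password incorrect!"
SAMPLE_LOG = (
    [l for s in range(4, 9) for l in _attempt(81, f"16:38:0{s}", "203.0.113.7", BAD)]
    + _attempt(90, "16:40:00", "198.51.100.20", BAD)
    + _attempt(90, "16:40:05", "198.51.100.20", "230 Logged on")
)
```

Calling `find_bruteforce(SAMPLE_LOG)` flags only the address with five failures; the flagged addresses can then be fed into whatever block list the server or firewall supports.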