
Someone tried to hack my ftp last night.

post #1 of 62
Thread Starter 
Today I logged onto my server to check on some things and I noticed a list of failed attempts to log into my ftp.

Here is a log sample

Code:
(000001) 4/11/2011 20:44:36 PM - (not logged in) (64.15.155.24)> USER Administrator
(000001) 4/11/2011 20:44:36 PM - (not logged in) (64.15.155.24)> 331 Password required for administrator
(000001) 4/11/2011 20:44:38 PM - (not logged in) (64.15.155.24)> PASS 123456
(000001) 4/11/2011 20:44:38 PM - (not logged in) (64.15.155.24)> 530 Login or password incorrect!
(000001) 4/11/2011 20:44:42 PM - (not logged in) (64.15.155.24)> USER Administrator
(000001) 4/11/2011 20:44:42 PM - (not logged in) (64.15.155.24)> 331 Password required for administrator
(000001) 4/11/2011 20:44:45 PM - (not logged in) (64.15.155.24)> PASS newpass
(000001) 4/11/2011 20:44:45 PM - (not logged in) (64.15.155.24)> 530 Login or password incorrect!
(000001) 4/11/2011 20:44:52 PM - (not logged in) (64.15.155.24)> USER Administrator
(000001) 4/11/2011 20:44:52 PM - (not logged in) (64.15.155.24)> 331 Password required for administrator
(000001) 4/11/2011 20:44:58 PM - (not logged in) (64.15.155.24)> PASS notused
(000001) 4/11/2011 20:44:58 PM - (not logged in) (64.15.155.24)> 530 Login or password incorrect!
(000001) 4/11/2011 20:45:12 PM - (not logged in) (64.15.155.24)> USER Administrator
(000001) 4/11/2011 20:45:12 PM - (not logged in) (64.15.155.24)> 331 Password required for administrator
(000001) 4/11/2011 20:45:22 PM - (not logged in) (64.15.155.24)> PASS Hockey
(000001) 4/11/2011 20:45:22 PM - (not logged in) (64.15.155.24)> 530 Login or password incorrect!

The IP came from Canada and the person who attempted was obviously a noob; reminds me of my first attempt at brute-forcing, except I knew to use proxies. Thanks for reminding me to turn on autoban.

Heads up to anyone with a server to blacklist this ip before this guy learns what he is doing.

By the way, in case my hunch is correct and the attempt came from a member here, don't bother with my FTP anyways unless you're looking for lulz pictures and some crappy hammer map files me and a buddy share; you're not going to find anything important.
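The autoban idea from the first post, as an added example that is not part of the original thread: a parser for the log format shown above that flags an IP once it produces three 530 replies within 60 seconds. The threshold, the window and the name `ban_candidates` are assumptions, and the 203.0.113.7 lines in the sample are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line shape from the log in the post: (session) m/d/yyyy HH:MM:SS PM - (user) (ip)> text
LINE_RE = re.compile(
    r"^\((?P<sid>\d+)\)\s+(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+)(?: [AP]M)?"
    r" - \([^)]*\) \((?P<ip>[0-9.]+)\)> (?P<text>.*)$")

def ban_candidates(lines, max_failures=3, window=timedelta(seconds=60)):
    """Return {ip: usernames tried} for IPs with max_failures 530 replies inside window."""
    last_user = {}               # (session, ip) -> last USER argument seen
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    tried = defaultdict(set)     # ip -> usernames the failures were aimed at
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # skip lines that do not match the format
        # The sample shows a 24-hour clock with a stray "PM", so the suffix is ignored.
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S")
        ip, key = m["ip"], (m["sid"], m["ip"])
        verb, _, arg = m["text"].partition(" ")
        if verb.upper() == "USER":
            last_user[key] = arg.strip().lower()
        elif verb == "530":      # failed login; PASS arguments are never stored
            tried[ip].add(last_user.get(key, "?"))
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= max_failures:
                flagged[ip] = sorted(tried[ip])
    return flagged

# First six lines are USER/530 pairs from the post; the 203.0.113.7 lines are constructed.
SAMPLE = """\
(000001) 4/11/2011 20:44:36 PM - (not logged in) (64.15.155.24)> USER Administrator
(000001) 4/11/2011 20:44:38 PM - (not logged in) (64.15.155.24)> 530 Login or password incorrect!
(000001) 4/11/2011 20:44:42 PM - (not logged in) (64.15.155.24)> USER Administrator
(000001) 4/11/2011 20:44:45 PM - (not logged in) (64.15.155.24)> 530 Login or password incorrect!
(000001) 4/11/2011 20:44:52 PM - (not logged in) (64.15.155.24)> USER Administrator
(000001) 4/11/2011 20:44:58 PM - (not logged in) (64.15.155.24)> 530 Login or password incorrect!
(000002) 4/11/2011 21:10:03 PM - (not logged in) (203.0.113.7)> USER backup
(000002) 4/11/2011 21:10:05 PM - (not logged in) (203.0.113.7)> 530 Login or password incorrect!
""".splitlines()

if __name__ == "__main__":
    print(ban_candidates(SAMPLE))
```

The single failure from 203.0.113.7 stays below the threshold, so a legitimate user who mistypes once is not flagged.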
post #2 of 62
hockey, lol
post #3 of 62
lol, you know he has an HTTP on that IP; it might be a hacked box. IP belongs to courriel-quebec.com.
post #4 of 62
A Canadian guessing hockey as a password. So predictable lol.
post #5 of 62
Thread Starter 
Stay away from my megahurtz jou damn Canadians.


Edited by Tw34k - 4/12/11 at 7:11pm
post #6 of 62
Quote:
Originally Posted by Tw34k View Post
Stay away from my megahurtz jou damn Canadians.

I can't help it... that porn collection will be mine
post #7 of 62
Quote:
Originally Posted by Tw34k View Post
Today I logged onto my server to check on some things and I noticed a list of failed attempts to log into my ftp.

The IP came from Canada and the person who attempted was obviously a noob; reminds me of my first attempt at brute-forcing, except I knew to use proxies. Thanks for reminding me to turn on autoban.

Heads up to anyone with a server to blacklist this ip before this guy learns what he is doing.

Taking a random attack kind of personally huh?
Any common service on a default port will get brute forced.
When my server had SSH on the default I'd get 8-10 brute force attempts per day.

Also, you have no idea if they are using a proxy or not.

Not sure about that last statement, or somehow any random person is going to specifically come across one internet user and somehow they are going to randomly guess your IP and attempt to exploit your server? Come on now..
post #8 of 62
Quote:
Originally Posted by beers View Post
Taking a random attack kind of personally huh?
Any common service on a default port will get brute forced.
When my server had SSH on the default I'd get 8-10 brute force attempts per day.

Also, you have no idea if they are using a proxy or not.

Not sure about that last statement, or somehow any random person is going to specifically come across one internet user and somehow they are going to randomly guess your IP and attempt to exploit your server? Come on now..

Ya, a little digging I did says that is a proxy or hacked box. It was in some spam lists as a spam IP too, probably been infected and is part of a botnet.
post #9 of 62
Hockey...........
post #10 of 62