-
October 25th, 2010, 09:45 AM
#1
How do hackers find our ftp site?
I've set up a simple ftp site at our office. We have a static ip from our ISP, so I installed the Xlight ftp server and also set up our domain to point to it when someone types in ftp.ourwebsite.com.
There have been a number of times when I've gotten onto the computer that is hosting the ftp site and looked at who is currently accessing the ftp and it shows an ip address hammering it with the username "admin" or "student". When I do a reverse DNS on the ip address it usually shows up as coming from South Korea, China or Russia.
So I'm wondering:
1. How do these people find our ftp site when it is unpublished? Are they using some program that just searches random ip addresses until it finds one that has an ftp on the other end?
2. Should I be worried about someone getting into the site if we don't have an "admin" login or "student" login, since those are the only two usernames I've ever seen these "hackers" try?
Thanks.
-
October 25th, 2010, 10:11 AM
#2
ping ourwebsite.com or pinging the IP address:
will probably return a positive hit and get the juices flowing to see what they can find.
If you're happy and you know it......it's your meds.
-
October 25th, 2010, 10:30 AM
#3
They find the site by testing for a response from a range of IP addresses using software designed for that purpose.
Your ftp software may have an option to ban an IP address or a range of IP addresses. If none of your employees or customers need access to your ftp site from an Asian IP address, just ban the entire range.
I have seen them try a range of user names, so make sure you have secure passwords. I would also suggest user names that are less likely to be tried than simple one-word names.
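An added example, not part of any post in this thread: one way to turn the server's login log into a list of addresses worth banning, and to check whether the guessed usernames match real accounts. The log format, the sample lines and the function names are assumptions made for the illustration (this is not Xlight's actual log format); 530 and 230 are the standard FTP reply codes for a failed and a successful login.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in an assumed format (NOT Xlight's real log layout):
# timestamp, client IP, attempted username, FTP reply code (530 = login failed)
SAMPLE_LOG = """\
2010-10-25 09:40:01 203.0.113.7 admin 530
2010-10-25 09:40:03 203.0.113.7 student 530
2010-10-25 09:40:05 203.0.113.7 admin 530
2010-10-25 09:40:08 203.0.113.7 student 530
2010-10-25 09:40:09 203.0.113.7 admin 530
2010-10-25 09:41:00 198.51.100.20 jsmith 530
2010-10-25 09:41:30 198.51.100.20 jsmith 230
garbage line that should be skipped
"""

LINE = re.compile(r"^(\S+ \S+) (\d{1,3}(?:\.\d{1,3}){3}) (\S+) (\d{3})$")

def find_ban_candidates(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: sorted usernames tried} for every IP with at least
    `threshold` failed logins inside any sliding `window`."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line
        ts, ip, user, code = m.groups()
        try:
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        if code == "530":
            failures[ip].append((when, user))
    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop failures older than the window
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged

def guessed_real_accounts(flagged, real_accounts):
    """Usernames tried by flagged IPs that exist on the server."""
    return {u for users in flagged.values() for u in users} & set(real_accounts)
```

A single mistyped password from a legitimate user stays below the default threshold, so only the address that keeps retrying is returned.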
-
October 25th, 2010, 10:41 AM
#4
Thanks. Also, if they were to gain access to one of the accounts, is there a way for them to get read/write access to other parts of the network or are they confined to what that account allows?
-
October 25th, 2010, 10:50 AM
#5
Under ordinary circumstances they would only have the same rights as a normal user who had legitimately logged in. However, you can never be certain that they don't know of an exploit which may allow them wider privileges. There are plenty of zero-day exploits around, just ask Adobe.
Nick.