How do hackers find our ftp site?
Results 1 to 5 of 5

Thread: How do hackers find our ftp site?

  1. October 25th, 2010, 09:45 AM #1
    Webshark2000's Avatar
    Webshark2000
    Webshark2000 is offline Virtual Resident
    Join Date
    Jun 2002
    Location
    Indiana
    Posts
    799

    How do hackers find our ftp site?

    I've set up a simple ftp site at our office. We have a static ip from our ISP, so I installed the Xlight ftp server and also set up our domain to point to it when someone types in ftp.ourwebsite.com.

    There have been a number of times when I've gotten onto the computer that is hosting the ftp site and looked at who is currently accessing the ftp and it shows an ip address hammering it with the username "admin" or "student". When I do a reverse DNS on the ip address it usually shows up as coming from South Korea, China or Russia.

    So I'm wondering:

    1. How do these people find our ftp site when it is unpublished? Are they using some program that just searches random ip addresses until it finds one that has an ftp on the other end?

    2. Should I be worried about someone getting into the site if we don't have an "admin" login or "student" login, since that's the only two usernames I've ever seen these "hackers" try?

    Thanks.
    Reply With Quote Reply With Quote
  2. October 25th, 2010, 10:11 AM #2
    Steve R Jones's Avatar
    Steve R Jones
    Steve R Jones is offline Administrator
    Join Date
    Sep 1999
    Location
    Largo, Fl.
    Posts
    22,332
    ping ourwebsite.com or pinging the IP address:

    will probably return a positive hit and gets the jucises flowing to see what they can find.
    If you're happy and you know it......it's your meds.
    Reply With Quote Reply With Quote
  3. October 25th, 2010, 10:30 AM #3
    jdc2000's Avatar
    jdc2000
    jdc2000 is offline Site Moderator
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    They find the site by testing for a response from a range of IP addresses using software designed for that purpose.

    Your ftp software may have an option to ban an IP address or a range of IP addresses. If none of your employees or customers need access to your ftp site from an Asian IP address, just ban the entire range.

    I have seen them try a range of user names, so make sure you have secure passwords. I would also suggest user names that are less likely to be tried than simple one-word names.
    Reply With Quote Reply With Quote
  4. October 25th, 2010, 10:41 AM #4
    Webshark2000's Avatar
    Webshark2000
    Webshark2000 is offline Virtual Resident
    Join Date
    Jun 2002
    Location
    Indiana
    Posts
    799
    Thanks. Also, if they were to gain access to one of the accounts, is there a way for them to get read/write access to other parts of the network or are they confined to what that account allows?
    Reply With Quote Reply With Quote
  5. October 25th, 2010, 10:50 AM #5
    SuperSparks's Avatar
    SuperSparks
    SuperSparks is offline Friend of Site Staff
    Join Date
    Apr 2000
    Location
    Friern Barnet, London, England
    Posts
    46,565
    Under ordinary circumstances they would only have the same rights as a normal user who had legitimately logged in. However, you can never be certain that they don't know of an exploit which may allow them wider privileges. There are plenty of zero-day exploits around, just ask Adobe
    Nick.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules