04-Nov-2005
Caught one more
This morning I found one more in yesterday's operator.log:
%%%%%%%%%%% OPCOM 3-NOV-2005 16:18:14.05 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: p50836684.dip.t-dialin.net
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.051103170802p]
According TCPIP$ftp_anonymous.log, the access duration was about 1.50 seconds:
3-NOV-2005 16:18:12.64 User:anonymous logged in ident:Ogpuser@home.com from Host:p50836684.dip.t-dialin.net
3-NOV-2005 16:18:13.85 User:anonymous ident:Ogpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
3-NOV-2005 16:18:14.24 User:anonymous ident:Ogpuser@home.com logged out
This one also tried to access (IIS?) directories - of course not present on Diana:
%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from p50836684.dip.t-dialin.net at 3-NOV-2005 16:18:12.35
%TCPIP-I-FTP_NODE, client host name: p50836684.dip.t-dialin.net
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: /pub/
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00002: Failed to set default directory
%SYSTEM-W-BADIRECTORY, bad directory file format
and the same happened for these:
%TCPIP-I-FTP_OBJ, object: /public/
%TCPIP-I-FTP_OBJ, object: /pub/incoming/
%TCPIP-I-FTP_OBJ, object: /incoming/
%TCPIP-I-FTP_OBJ, object: /_vti_pvt/
Trying to push something on them and break in. How pathetic...
Of course, tried to create one, on a READ_ONLY location (but he doesn't know that!):
%TCPIP-I-FTP_NODE, client host name: p50836684.dip.t-dialin.net
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: WEB_DISK:[public.anonymous.051103170802p]
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00002: Failed to create directory
%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
I guess it was this UPLOAD directory:
%TCPIP-I-FTP_NODE, client host name: p50836684.dip.t-dialin.net
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: /upload/
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00002: Failed to set default directory
%SYSTEM-W-BADIRECTORY, bad directory file format
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from p50836684.dip.t-dialin.net at 3-NOV-2005 16:18:14.29
and the script broak down because it didn't exist.
I'm happy to have a VMS box.
The attempt was made from a German ISP, when I accessed http://www.t-dialin.net I got to http://www.t-online.de so these will be warned about the attempt.
posted by SYSMGR @ 10:30 AM
0 Comments:
Post a Comment
<< Home