28-Nov-2005

Another try to get in
Log revealed the attempt to retrieve a file - IIS, given the name:

%%%%%%%%%%% OPCOM 28-NOV-2005 15:30:19.73 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: 78.21.97-84.rev.gaoland.net Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.051128153020p]

%%%%%%%%%%% OPCOM 28-NOV-2005 15:30:20.12 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: 78.21.97-84.rev.gaoland.net
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.051128153020p]

in FTP log it shows the attempt costed just a few seconds:

28-NOV-2005 15:30:18.29 User:anonymous logged in ident:Ggpuser@home.com from Host:78.21.97-84.rev.gaoland.net
28-NOV-2005 15:30:19.62 User:anonymous ident:Ggpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
28-NOV-2005 15:30:20.02 User:anonymous ident:Ggpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
28-NOV-2005 15:30:23.03 User:anonymous ident:Ggpuser@home.com status:07649912 CWD dir:_vti_sript
28-NOV-2005 15:30:23.09 User:anonymous ident:Ggpuser@home.com status:07649912 CWD dir:_vti_inf_htlm
28-NOV-2005 15:30:23.14 User:anonymous ident:Ggpuser@home.com logged out

Must have been a script, no data in FTP_RUN.LOG. Maybe something needs to be checked because the last entry is of Nov 15th.

Checking gaoland.net:

Registrant:
LDCOM Networks (ldcomn0-org)
LDCOM Networks
1 square Chaptal
F-92309 Levallois Cedex
FR
Registrar....: Nordnet
Web..........: http://www.nordnet.net
Whois........: whois.nordnet.net
Domain Name: gaoland.net

There is no website www.gaoland.net, nordnet has, but they are just the registrar.