's VADV-PHP Home

Message Area

Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages!

You are not logged in. Login here for full access privileges.

Previous Message | Next Message | Back to Synchronet Multinode BBS Softwar... <-- <---

Return to Home Page

Synchronet Multinode BBS Softwar... [218 / 900]

From

Subject

Date/Time

Mortifis

Daryl Stout

Re: Active User Hacking Attem

February 24, 2019
4:36 PM *

 >   Originally to a reply to Mortifis, but I had another issue develop,
 > that I felt could go under the same topic...so I addressed it to ALL.

 > ***

 > M>FYI  an person from this IP address 66.70.247.19 has been actively trying
 > to M>hack my personal accounts ... you may want to keep an eye on your logs
 > or put M>66.70.247.19 in your ip.can file

 >   Done.

 >   On another note, every so often, in the FTP server, I see something
 > like this -- all Occurred on Feb. 22, 2019 in about a minute of time. I
 > deleted those date and time stamps from the log file excerpt posted
 > here.

 > **

 > 1420 CTRL connection accepted from: 89.238.162.147 port 57848
 > 1420 Hostname: 89-238-162-147.uk1.lunarnetwork.net
 > 1420 Guest: <admin123>
 > 1420 <Guest> logged in (1 today, 36251 total)
 > 1420 <Guest> detailed listing: root in passive mode
 > 1420 <Guest> DATA Transfer successful: 297 bytes sent in 0 seconds (594 cps)
 > 1420 <Guest> downloading 00index.html for / in passive mode
 > 1420 <Guest> DATA Transfer successful: 3263 bytes sent in 0 seconds (6526
 > cps) 1420 <Guest> file (/Photo.scr) not found for SIZE command

 >   Yet, when I was constantly getting stuff like this, was when I "locked
 > down" the file areas. I've even debated REMOVING the Guest User account
 > (no more browsing the BBS without an official application for access,
 > and logon)...and I believe some Sysops have done such.

I removed the Guest account and stopped getting connections looking for
photo.scr (which incidentally is a trojan) in order to activate that virus


 >   The bottom line is, when this occurs, are they actually uploading a
 > file, or just trying to see if it's "online". And, aside from blocking
 > said IP address after the fact, is there any harm being done to the
 > system with this??

I do not believe there is any harm being done, if you decide to NOT remove the
guest account, at least disable guest uploads, espcially to sysop.

and grab the http://myip.ms/files/general/full_blacklist_d... and
extract/merge it with your ip.can file ... there are over 54,000 known
blacklisted ip addresses in it 

2 wrongs don't make a right, but 3 left turns will get you back on the freeway!

---
 ■ Synchronet ■ AlleyCat! BBS - http://alleycat.synchro.net:81
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Previous Message | Next Message | Back to Synchronet Multinode BBS Softwar... <-- <---

Return to Home Page

Execution Time: 0.0885 seconds

If you experience any problems with this website or need help, contact the webmaster.
VADV-PHP Copyright © 2002-2024 Steve Winn, Aspect Technologies. All Rights Reserved.
Virtual Advanced Copyright © 1995-1997 Roland De Graaf.
v2.0.140505