hokey fuckin dokey pac-man, i've figgered it out :( the ftp server on my lovely new box had been set to allow anonymous ftp connections ... thereby making it possible for anyone scanning ip's for an open ftp port FULLY able to send any files they wanted .... my way
not nice. so, i now have to start the search for any odd files that might have been ftp'd, and i hope that i turned on ftp logging :) trouble is i did not configure this stuff, i simply imagined that they would have done it for me...

more news at 11.

tw

On 9/7/05, Tony <[EMAIL PROTECTED]> wrote:
> do you think someone dropped a game on my box to burn it?
>
> hmmmm
>
> wtf?
>
> tw
>
> On 9/7/05, Matthew Blatchley <[EMAIL PROTECTED]> wrote:
> > That is strange...the .cue file are Instructions for the burning application
> > of how to burn the disk. And I'm thinking the .001 - .031 are the sectors
> > it's burning...if that's what they really are... Do you even use your
> > server as a game server?
> >
> > ----- Original Message -----
> > From: "Tony" <[EMAIL PROTECTED]>
> > To: "CF-Community" <[email protected]>
> > Sent: Wednesday, September 07, 2005 10:41 PM
> > Subject: Re: help!!
> >
> > > there are files in the last directory, each 25,001 bytes called
> > > MOHDAEF.001 - .031
> > > and a final MOHDAEF.cue file.
> > >
> > > strange.
> > >
> > > tw
> > >
> > > On 9/7/05, Matthew Blatchley <[EMAIL PROTECTED]> wrote:
> > >> Would a SQL injection attack and creating a folder are two different acts
> > >> right? SQL injection attack is through the web form...and the creation
> > >> of a
> > >> folder is by someone getting into the box...yeah?
> > >>
> > >> ----- Original Message -----
> > >> From: "Jerry Johnson" <[EMAIL PROTECTED]>
> > >> To: "CF-Community" <[email protected]>
> > >> Sent: Wednesday, September 07, 2005 10:08 PM
> > >> Subject: Re: help!!
> > >>
> > >> > Yes, of course you should be worried. (Which you know)
> > >> >
> > >> > Could it have been a SQL injection attack going through your blog
> > >> > comments?
> > >> > Is your cfide structure in a non-standard place?
> > >> > I assume you have all patches in place for SQL, IIS, CF and your OS,
> > >> > yes?
> > >> >
> > >> > Can you tell what user created the folder?
> > >> > Is there anything in the folder?
> > >> > Can you tell what time the folder was created, and then match that up
> > >> > to SQL logs, IIS logs and CF logs?
> > >> >
> > >> > FWIW:
> > >> > Bender is a Windows virus (W32.Bender.1363)
> > >> > Bender is a character from Futurama. In The Honking, Bender is
> > >> > infected with a virus that turns him into a murderous car each evening
> > >> > at midnight. They also mention K.I.T.T. in this episode (from Knight
> > >> > Rider)
> > >> > Medal of Honnor En Formation looks like the French spelling
> > >> > lpt5, lpt4 and com0 are communication ports (printer, serial)
> > >> >
> > >> > On 9/7/05, Tony <[EMAIL PROTECTED]> wrote:
> > >> >> D:\webserver\.tag4\ . lpt5\ .ΓΏ lpt4\ . com0\ [EMAIL PROTECTED]
> > >> >> [[Bender scan -- K.I.T.T tagg]]\ .K.I.T.T\Medal of Honnor-En
> > >> >> Formation
> > >> >>
> > >> >> is a path on my new dedicated box on my server that just magically
> > >> >> showed
> > >> >> up.
> > >> >>
> > >> >> i ran a full scan on the box, came up with nothing.
> > >> >>
> > >> >> question: should i be worried?
> > >> >>
> > >> >> also, today, i noticed a BUTTLOAD of traffic from a certain group of
> > >> >> ipaddresses...
> > >> >> they all came from:
> > >> >>
> > >> >> 203.28.159.135 - 203.28.15.138
> > >> >>
> > >> >> to my blog page.
> > >> >>
> > >> >> and i just dont know wtf to do, or where to start, ive googled most
> > >> >> parts of the path, the TAG of the fucknut who did something, but im
> > >> >> not sure where to go with this one.
> > >> >>
> > >> >> thanks.
> > >> >> tony
> > >> >>
> > >> >> --
> > >> >> ....tony
> > >> >>
> > >> >> Tony Weeg
> > >> >> tonyweeg [at] gmail [dot] com
