Aloha,
I saw in my logs today an attempt to install a bunch of directories on
my
box in the /home/ftp/pub/.. area. So far, it does not appear to have been
successful, but I am now curious how this may have happened. I am running
MonMotha's firewall (pre9) and the TCP_ALLOW variable is empty. In other
words, I should not be allowing anything in except in response to an already
established connection (I think). Anyway, there it is in my log, an attempt
ot install a bunch of directories. Now I am wondering a few things.
1) How did the cracker get past the firewall?
2) Does this represent a hole that can be plugged?
3) What else should I check or do to make sure that I'm not "owned" by
someone but me?
4) How can I keep this person out in the future?
Thanks,
Ben
