Attack? My server...

14/09/2003 - 17:18 by Boris
Hello... my FTP log gave me the following information.
Is it an attack?

Thanks

I'm pasting the txt for you.


Boris

"
#Software: Microsoft Internet Information Services 5.1
#Version: 1.0
#Date: 2003-09-12 22:02:40
#Fields: time c-ip cs-method cs-uri-stem sc-status
22:02:40 80.13.10.216 [2]USER anonymous 331
22:02:40 80.13.10.216 [2]PASS Dgpuser@home.com 230
22:02:51 80.13.10.216 [2]MKD 030913000252p 257
22:02:51 80.13.10.216 [2]RMD 030913000252p 250
22:02:53 80.13.10.216 [2]closed - 426
22:14:57 68.116.0.127 [3]USER anonymous 331
22:14:57 68.116.0.127 [3]PASS anonymous@on.the.net 230
22:15:14 68.116.0.127 [3]MKD tagged 257
22:15:36 68.116.0.127 [3]MKD /+ 550
22:15:45 68.116.0.127 [3]MKD /+/ 257
22:16:44 68.116.0.127 [3]MKD /tagged/+ 550
22:16:59 68.116.0.127 [3]MKD /tagged 550
22:17:43 68.116.0.127 [3]RMD /tagged 250
22:17:59 68.116.0.127 [3]MKD /.tmp/+ 257
22:18:34 68.116.0.127 [3]MKD /.tmp/+/com1+/+ 550
22:18:47 68.116.0.127 [3]MKD /.tmp/+/+ 257
22:19:33 68.116.0.127 [3]MKD /.tmp/+/com1+/+ 257
22:19:53 68.116.0.127 [3]MKD /.tmp/+/com1+/+ 550
22:20:02 68.116.0.127 [3]MKD /.tmp/+/+/com1+/+ 550
22:20:58 68.116.0.127 [3]MKD /.tmp/+/OFXP 257
22:21:12 68.116.0.127 [3]MKD filled+by+BZ 257
22:22:19 68.116.0.127 [3]MKD HoverDesk.2.5.CRACKED-pH 257
22:24:04 68.116.0.127 [3]MKD Windowblinds.3.5.+.Keygen-TNO 257
22:25:30 68.116.0.127 [3]MKD [[[+2+pHiLES,+100%+completed+--BZ+]]] 257
22:25:39 68.116.0.127 [3]RNFR [[[+2+pHiLES,+100%+completed+--BZ+]]] 350
22:25:39 68.116.0.127 [3]RNTO [[[+3+pHiLES,+100%+completed+--BZ+]]] 250
22:25:48 68.116.0.127 [3]sent /.tmp/+/ofxp/filled+by+BZ/HoverDesk.2.5.CRACKED-pH/HDSetup.zip 550
22:30:22 68.116.0.127 [3]created HDSetup.zip 226
22:30:22 68.116.0.127 [3]sent /.tmp/+/ofxp/filled+by+BZ/HoverDesk.2.5.CRACKED-pH/ph_hd25.zip 550
22:30:47 68.116.0.127 [3]created ph_hd25.zip 226
22:30:47 68.116.0.127 [3]sent /.tmp/+/ofxp/filled+by+BZ/HoverDesk.2.5.CRACKED-pH/p-HeLL.nfo 550
22:30:49 68.116.0.127 [3]created p-HeLL.nfo 226
22:30:49 68.116.0.127 [3]QUIT - 226
22:31:39 68.116.0.127 [5]USER anonymous 331
22:31:39 68.116.0.127 [5]PASS anonymous@on.the.net 230
22:31:40 68.116.0.127 [5]sent /.tmp/+/ofxp/filled+by+BZ 550
22:31:40 68.116.0.127 [5]sent /.tmp/+/ofxp/filled+by+BZ 426
22:32:27 68.116.0.127 [5]MKD [[[+3+pHiLES+100%+Complete+--BZ+]]] 257
22:32:32 68.116.0.127 [5]sent /.tmp/+/ofxp/filled+by+BZ/Windowblinds.3.5.+.Keygen-TNO/TNO.NFO 550
22:32:33 68.116.0.127 [5]created TNO.NFO 226
22:32:33 68.116.0.127 [5]sent /.tmp/+/ofxp/filled+by+BZ/Windowblinds.3.5.+.Keygen-TNO/wb35_pub.exe 550
22:37:13 68.116.0.127 [5]created wb35_pub.exe 226
22:37:13 68.116.0.127 [5]sent /.tmp/+/ofxp/filled+by+BZ/Windowblinds.3.5.+.Keygen-TNO/tno-wb35.zip 550
22:37:19 68.116.0.127 [5]created tno-wb35.zip 226
22:37:19 68.116.0.127 [5]QUIT - 226
22:49:36 81.171.2.251 [12]USER anonymous 331
22:49:36 81.171.2.251 [12]PASS anonymous@on.the.net 230
22:49:38 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ 550
22:49:38 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ 426
22:49:51 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/HoverDesk.2.5.CRACKED-pH/p-HeLL.nfo 226
22:49:53 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/HoverDesk.2.5.CRACKED-pH/p-HeLL.nfo 226
22:49:57 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/HoverDesk.2.5.CRACKED-pH/HDSetup.zip 226
22:54:23 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/HoverDesk.2.5.CRACKED-pH/HDSetup.zip 226
22:54:23 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/HoverDesk.2.5.CRACKED-pH/ph_hd25.zip 226
22:54:47 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/HoverDesk.2.5.CRACKED-pH/ph_hd25.zip 226
22:54:50 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/Windowblinds.3.5.+.Keygen-TNO/TNO.NFO 226
22:54:53 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/Windowblinds.3.5.+.Keygen-TNO/TNO.NFO 226
22:54:56 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/Windowblinds.3.5.+.Keygen-TNO/tno-wb35.zip 226
22:55:02 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/Windowblinds.3.5.+.Keygen-TNO/tno-wb35.zip 226
22:55:02 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/Windowblinds.3.5.+.Keygen-TNO/wb35_pub.exe 226
22:59:17 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/Windowblinds.3.5.+.Keygen-TNO/wb35_pub.exe 226
22:59:41 81.171.2.251 [12]QUIT - 257


#1 Miguel Angel
15/09/2003 - 11:17
Well, it looks like someone is connecting to your
machine and setting up their own FTP server to
share software. Run Windows Update on your machine, and
review the security of your IIS.

Regards.


#2 fcarballar
15/09/2003 - 20:59
Block the "IP of the presumed attacker" directly from your firewall. If you
don't have a "firewall", download one from this address:
http://www.alerta-antivirus.es/
Good luck...


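An added example, not part of any post in this thread: a small Python triage of the log from the original post, flagging what reply #1 describes (anonymous sessions that create directories and upload files, and other hosts that later fetch those files). The function names are hypothetical; it assumes that `created` and `sent` entries with status 226 are completed uploads and downloads, and that `+` in a path is a logged space.

```python
import re
from collections import defaultdict

# Entries copied from the log in the original post (wrapped lines re-joined).
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
22:14:57 68.116.0.127 [3]USER anonymous 331
22:14:57 68.116.0.127 [3]PASS anonymous@on.the.net 230
22:17:59 68.116.0.127 [3]MKD /.tmp/+ 257
22:19:33 68.116.0.127 [3]MKD /.tmp/+/com1+/+ 257
22:22:19 68.116.0.127 [3]MKD HoverDesk.2.5.CRACKED-pH 257
22:30:22 68.116.0.127 [3]created HDSetup.zip 226
22:49:36 81.171.2.251 [12]USER anonymous 331
22:49:57 81.171.2.251 [12]sent /.tmp/+/ofxp/filled+by+BZ/HoverDesk.2.5.CRACKED-pH/HDSetup.zip 226
"""

ENTRY = re.compile(r"^(\S+) (\S+) \[(\d+)\](\S+) (\S+) (\d{3})$")
# Assumption: the log writes a space as '+', so "com1+" is COM1 plus a space.
DEVICE = re.compile(r"^(con|prn|aux|nul|com\d|lpt\d)\+*$", re.I)

def is_hidden_dir(path):
    """True if any path component is only spaces or a reserved device name."""
    parts = [p for p in path.split("/") if p]
    return any(p.strip("+") == "" or DEVICE.match(p) for p in parts)

def findings(log_text):
    """Return sorted (ip, session, finding) tuples for anonymous abuse."""
    anonymous, uploaded, out = set(), defaultdict(set), set()
    entries = [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]
    for _time, ip, sid, method, target, status in entries:
        key = (ip, sid)
        if method == "USER" and target.lower() == "anonymous":
            anonymous.add(key)
        if key not in anonymous:
            continue
        if method == "MKD" and status == "257":          # directory created
            out.add((ip, sid, "anonymous directory creation"))
            if is_hidden_dir(target):
                out.add((ip, sid, "hidden directory: " + target))
        elif method == "created" and status == "226":    # upload completed
            uploaded[target.lower()].add(ip)
            out.add((ip, sid, "anonymous upload: " + target))
    for _time, ip, sid, method, target, status in entries:
        name = target.rsplit("/", 1)[-1].lower()
        if method == "sent" and status == "226" and uploaded[name] - {ip}:
            out.add((ip, sid, "fetched anonymously uploaded file: " + name))
    return sorted(out)
```

Any finding of the first three kinds means the anonymous account has write permission on the FTP root, which is the setting to remove when reviewing the IIS configuration.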