
Research on an IP trying to hack my ftp server

DeadSeaSquirrels

Senior member
Jul 30, 2001
515
0
0
I'm a newbie at setting up an FTP server, and even right now things are not working entirely correctly, but recently I checked my logs and noticed that somebody was trying to hack my server. I'm just running FileZilla, nothing fancy. What makes me nervous is that they got in without a lot of attempts (per the logs). I have their IP address; is there a way to find out more information as to where this is coming from? I'm actually seeing that it is coming from the same city I'm in - NYC.
 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
Realize that running something like FTP on the open web WILL attract the script kiddies; secure and track logs. If they got in, your bad, but the worst (assuming you are using a fairly current FileZilla server) is that they may have downloaded files. I don't think FileZilla has any active/known vulnerabilities (at least I haven't seen any on Secunia in the last year or so that I remember).

 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,552
429
126
If the IP belongs to a private owner (like a big business) you can try to contact the Boss IT there.

However, most likely it is an IP that comes from an ISP service (Verizon, Time Warner, etc.).

ISPs are not allowed by law to reveal a user's ID.

The only way you can go about it is to take a lawyer and get to court and get a Subpoena.

You are in luck; NYC is probably the best place in the world to find a good lawyer to help you in the legal process.

BTW. The median fee is about $350 per hour.
 

Modelworks

Lifer
Feb 22, 2007
16,240
7
76
Use the IP address to find out who that block of addresses belongs to.
Then send an email to the owner's abuse department, usually abuse@isp.com.
Send the IP address along with date and time/time zone.

I have gotten results from doing this before, but usually you will not hear anything back.

Also, if they got in I suggest you use better passwords and logins on the server.
There is an option on that server to block an IP after so many failed login attempts;
you might want to use that.
Also consider changing the default port.

 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
Originally posted by: Modelworks
Use the IP address to find out who that block of addresses belongs to.
Then send an email to the owner's abuse department, usually abuse@isp.com.
Send the IP address along with date and time/time zone.

I have gotten results from doing this before, but usually you will not hear anything back.

Also, if they got in I suggest you use better passwords and logins on the server.
There is an option on that server to block an IP after so many failed login attempts;
you might want to use that.
Also consider changing the default port.

Abuse reports are just about worthless, especially since many of the originating IPs are hacked machines themselves and/or overseas, where they don't give a damn. Most of mine come from the Netherlands and China right now. So far today, I have seen 725 failed attempts (some of those are valid, but that is less than 20 probably).
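
The steps discussed in this thread (count failed logins per source IP, note whether a login succeeded after the failures, and record the time window with its time zone for an abuse report) can be scripted; this is an added example, not code from any poster or from FileZilla. The log lines are constructed, their layout and the reply codes 530 (failed login) and 230 (logged on) are assumptions about the server's log, and `summarize` and `abuse_report` are hypothetical helper names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines; the layout is an assumption, so adapt LINE_RE to your log.
SAMPLE_LOG = """\
(000011) 2009-03-14 02:11:05 - (not logged in) (203.0.113.45)> 530 Login or password incorrect!
(000011) 2009-03-14 02:11:09 - (not logged in) (203.0.113.45)> 530 Login or password incorrect!
(000012) 2009-03-14 02:11:15 - (not logged in) (203.0.113.45)> 530 Login or password incorrect!
(000012) 2009-03-14 02:11:21 - backup (203.0.113.45)> 230 Logged on
(000013) 2009-03-14 09:30:00 - (not logged in) (198.51.100.7)> 530 Login or password incorrect!
(000013) 2009-03-14 09:30:12 - alice (198.51.100.7)> 230 Logged on
(000014) 2009-03-14 11:00:00 - bob (192.0.2.99)> 230 Logged on
"""

LINE_RE = re.compile(
    r"^\(\d+\) (?P<ts>\S+ \S+) - .*?\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)> (?P<code>\d{3}) "
)

def summarize(log_text, utc_offset_hours, threshold=3):
    """Return {ip: stats} for sources with at least `threshold` failed logins."""
    local = timezone(timedelta(hours=utc_offset_hours))
    stats = defaultdict(lambda: {"failed": 0, "first": None, "last": None,
                                 "login_after_failures": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["code"] not in ("530", "230"):
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=local).astimezone(timezone.utc)
        s = stats[m["ip"]]
        if m["code"] == "530":
            s["failed"] += 1
            s["first"] = s["first"] or ts   # first failure, already in UTC
            s["last"] = ts
        elif s["failed"] >= threshold:
            s["login_after_failures"] = True   # success right after repeated failures
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}

def abuse_report(ip, s):
    """Format what an abuse desk needs: source IP, count, and UTC time window."""
    return (f"Source IP: {ip}\nFailed FTP logins: {s['failed']}\n"
            f"First seen (UTC): {s['first']:%Y-%m-%d %H:%M:%S}\n"
            f"Last seen (UTC): {s['last']:%Y-%m-%d %H:%M:%S}\n"
            f"Successful login followed the failures: {s['login_after_failures']}")

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG, utc_offset_hours=-4).items():
        print(abuse_report(ip, s), end="\n\n")
```

A source flagged with a successful login after repeated failures is the case to act on first: change that account's password and review what was transferred during the session.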