Someone is trying to brute force my FTP server.

Toggle sidebar Toggle sidebar
I

InlineFour

Banned
Nov 1, 2005
3,194
0
0
[5] Sun 11Jun06 11:59:35 - (016705) Too many times wrong password for user "TOM" - disconnecting
[5] Sun 11Jun06 11:59:35 - (016705) Closing connection
[5] Sun 11Jun06 11:59:35 - (016706) Connected to 138.23.13.198 (Local address 192.168.1.2)
[5] Sun 11Jun06 11:59:36 - (016706) Too many times wrong password for user "TOM" - disconnecting
[5] Sun 11Jun06 11:59:36 - (016706) Closing connection
[5] Sun 11Jun06 11:59:36 - (016707) Connected to 138.23.13.198 (Local address 192.168.1.2)
[5] Sun 11Jun06 11:59:37 - (016707) Too many times wrong password for user "TOM" - disconnecting
[5] Sun 11Jun06 11:59:37 - (016707) Closing connection
[5] Sun 11Jun06 11:59:37 - (016708) Connected to 138.23.13.198 (Local address 192.168.1.2)
[5] Sun 11Jun06 11:59:38 - (016708) Too many times wrong password for user "TOM" - disconnecting
[5] Sun 11Jun06 11:59:38 - (016708) Closing connection
[5] Sun 11Jun06 11:59:38 - (016709) Connected to 138.23.13.198 (Local address 192.168.1.2)
[5] Sun 11Jun06 11:59:39 - (016709) Too many times wrong password for user "TOM" - disconnecting
[5] Sun 11Jun06 11:59:39 - (016709) Closing connection
[5] Sun 11Jun06 11:59:39 - (016710) Connected to 138.23.13.198 (Local address 192.168.1.2)
Click to expand...
this was just part of the log. he kept trying to get in until i banned his IP.

i looked up his ip address and got this:

* OrgName: University of California
* OrgID: UNIVER-211
* Address: Academic Computing Center
* City: Riverside
* StateProv: CA
* PostalCode: 92521
* Country: US
* NetRange: 138.23.0.0 - 138.23.255.255
* CIDR: 138.23.0.0/16
* NetName: UCRNET
* NetHandle: NET-138-23-0-0-1
* Parent: NET-138-0-0-0-0
* NetType: Direct Assignment
* NameServer: NS1.UCR.EDU
* NameServer: NS2.UCR.EDU
* NameServer: NS3.UCR.EDU
* Comment:
* RegDate: 1990-01-24
* Updated: 2003-02-14
* RTechHandle: RH326-ARIN
* RTechName: Harvey, Russ
* RTechPhone: +1-951-827-7668
* RTechEmail: Russ-Harvey@ucr.edu
-
* End of /ipwhois

should i contact the university?

 
I

imported_LoKe

Lifer
Jun 4, 2005
19,723
1
0
Call him up, and when he answers, say "Too many times wrong password for user "Russ" - disconnecting" then hang up.
 
mugs

mugs

Lifer
Apr 29, 2003
48,920
46
91
Originally posted by: LoKe
Call him up, and when he answers, say "Too many times wrong password for user "Russ" - disconnecting"
Click to expand...

Russ will have no idea what the OP is talking about, because Russ is not the person who is doing this.
 
A

altonb1

Diamond Member
Feb 5, 2002
6,432
0
71
Originally posted by: mugs
Originally posted by: LoKe
Call him up, and when he answers, say "Too many times wrong password for user "Russ" - disconnecting"
Click to expand...

Russ will have no idea what the OP is talking about, because Russ is not the person who is doing this.
Click to expand...

But that WOULD be funny, though...
 
Braznor

Braznor

Diamond Member
Oct 9, 2005
4,767
435
126

OP, you are screwed unless you get rid of all the kiddie porn from your server ;)
 
pray4mojo

pray4mojo

Diamond Member
Mar 8, 2003
3,647
0
0
if that was it i wouldn't even worry about it. maybe someone just gave him the wrong server address and he tried a few times and it didnt work.
 
Evadman

Evadman

Administrator Emeritus<br>Elite Member
Feb 18, 2001
30,990
5
81
Originally posted by: pray4mojo
if that was it i wouldn't even worry about it. maybe someone just gave him the wrong server address and he tried a few times and it didnt work.
Click to expand...

Did you see the times between the login attempts? 15 login attempts in 4 seconds. This was a brute force attack.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom