Question

Locked

FTP site Hacked

By andy ·
We've been hacked.

I was monitoring my ftp log to verify that a customer had downloaded a file when I noticed someone had apparantly logged in 10 times in a 2 hour period. The ip address of the offending party (http://80.191.128.198/) shows up as Iranian in origin (not my customers location). I can think of a few images to display for them next time they hit it.
Any recommendations for added security. I am using a simple router/d-link firewall and XP
Password Protection with no anonymous access.

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Ban the IP range

by The Listed 'G MAN' In reply to FTP site Hacked

& check your machine for viruses or unwanted content. If I were you a complete reinstall would be on the cards after an episode like this.

Collapse -

This is my recommendation as well

by jdclyde In reply to Ban the IP range

I always give the recommendation to do a wipe and reload anytime there is an intrusion.

There are too many backdoors that could have been opened once the intruder got in. Better safe than sorry.

The next step is also in agreement with the other poster, to allow access by your customers as needed. Ask their IP address. If they don't know, have them go to http://www.ipchicken.com and it will tell them the address they are accessing the internet as. Great when the user is behind a NAT and doesn't know what an IP address is.

Collapse -

Security

by retro77 In reply to FTP site Hacked

Increase the password length and complextion

Change the FTP firewall rule to only allow access from your client's public IP address/range.

Collapse -

and limit

by Dr Dij In reply to Security

password retries and increase timeouts

Collapse -

The Axis of Evil has declared cyberwar against us

by ManiacMan In reply to FTP site Hacked

Time to call the Dept of Homeland Security. I'd honestly get law enforcement involved because this is a crime against your system, but I don't know how much jurisdiction the FBI has beyond our local borders and considering we're talking about Iran, it gets even more complicated. I'd opt to upgrade to a more serious firewall like a Cisco PIX, because the low end firewalls are easily hacked as you've seen for yourself.

Back to Software Forum
6 total posts (Page 1 of 1)  

Software Forums