FTP site Hacked

andy
We've been hacked.

I was monitoring my FTP log to verify that a customer had downloaded a file when I noticed someone had apparently logged in 10 times in a 2 hour period. The IP address of the offending party (http://80.191.128.198/) shows up as Iranian in origin (not my customer's location). I can think of a few images to display for them next time they hit it.
Any recommendations for added security? I am using a simple router/D-Link firewall and XP
Password Protection with no anonymous access.
  • The Listed 'G MAN'

    & check your machine for viruses or unwanted content. If I were you a complete reinstall would be on the cards after an episode like this.

    jdclyde

    I always give the recommendation to do a wipe and reload anytime there is an intrusion.

    There are too many backdoors that could have been opened once the intruder got in. Better safe than sorry.

    The next step is also in agreement with the other poster, to allow access by your customers as needed. Ask their IP address. If they don't know, have them go to http://www.ipchicken.com and it will tell them the address they are accessing the internet as. Great when the user is behind a NAT and doesn't know what an IP address is.

    retro77

    Increase the password length and complexity

    Change the FTP firewall rule to only allow access from your client's public IP address/range.

    Dr Dij

    password retries and increase timeouts

    ManiacMan

    Time to call the Dept of Homeland Security. I'd honestly get law enforcement involved because this is a crime against your system, but I don't know how much jurisdiction the FBI has beyond our local borders and considering we're talking about Iran, it gets even more complicated. I'd opt to upgrade to a more serious firewall like a Cisco PIX, because the low end firewalls are easily hacked as you've seen for yourself.
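
The log check from the original post and the per-customer IP restriction suggested in the replies, combined as an added example that is not part of any poster's reply: it summarises FTP logins per client address and marks those outside the customers' ranges or logging in 10 times within 2 hours. The log format, the dates and the customer range 203.0.113.0/24 are constructed assumptions; only the address 80.191.128.198 comes from the thread.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed customer range (documentation addresses); replace with real client IPs.
ALLOWED = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample log, format assumed: "date time client-ip command status".
# 230 = login successful, 530 = login failed (standard FTP reply codes).
SAMPLE_LOG = "\n".join(
    ["2006-01-10 09:00:05 203.0.113.7 PASS 230",
     "2006-01-10 09:01:10 198.51.100.9 PASS 530"]
    + [f"2006-01-10 {10 + i // 5}:{(i % 5) * 12:02d}:00 80.191.128.198 PASS 230"
       for i in range(10)]
)

def parse(line):
    """Return (timestamp, ip, status) for a PASS line, or None if unparseable."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "PASS":
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        return ts, ipaddress.ip_address(parts[2]), int(parts[4])
    except ValueError:
        return None

def review(log_text, allowed=ALLOWED, window=timedelta(hours=2), threshold=10):
    """Per client IP: allowlist membership, login counts, and login bursts."""
    ok, failed = defaultdict(list), defaultdict(int)
    for ts, ip, status in filter(None, map(parse, log_text.splitlines())):
        if status == 230:
            ok[ip].append(ts)
        elif status == 530:
            failed[ip] += 1
    report = {}
    for ip in set(ok) | set(failed):
        times = sorted(ok[ip])
        burst = any(times[i + threshold - 1] - times[i] <= window
                    for i in range(len(times) - threshold + 1))  # sliding window
        allowed_ip = any(ip in net for net in allowed)
        report[str(ip)] = {"allowed": allowed_ip, "logins": len(times),
                           "failed": failed[ip], "burst": burst}
    return report

if __name__ == "__main__":
    for ip, row in sorted(review(SAMPLE_LOG).items()):
        print(ip, row)
```

Any row with `allowed` false and a non-zero `logins` count is a successful login from outside the customer ranges, which is the case the firewall rule suggested above would have blocked.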
