wierd FTP question - TechRepublic
General discussion
March 7, 2005 at 04:26 PM
advancedgeek

wierd FTP question

by advancedgeek . Updated 21 years, 4 months ago

Ok…I’m hosting an FTP server off of my home cable isp. I’m running this on windows 2000as on my own domain named home.local (yes I am that much of a geek). I found a weird photo on my ftp server and I decided to find out who put it there, so I checked my logs…here is the relevent info:

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2005-03-07 01:00:59
#Fields: time c-ip cs-method cs-uri-stem sc-status
01:00:59 217.255.174.61 [41]USER anonymous 331
01:00:59 217.255.174.61 [41]PASS Kgpuser@home.com 530

I left the rest out for obvious reasons…so who is this person? Definately not one of MY user accounts. Turns out he didn’t get access (hopefully)…a friend of mine put that photo there. This ftp is not set up to allow anonymous users.

So…I googled the Kgpuser@home.com and guess what I found…a bunch of user’s with the same problems…ranging from connecting to printers to connecting to ftp servers. I looked at the IP provided, and I found out that a lot of them are from the same netrange…217.X.X.X. So, does anyone think that this is some form of the homeland dept checking out ftp servers for “terrorist activity” or maybe is it a hacker group?

I checked to see who the IP addy was registered too, and it turns out that the RIPE network coordination center in Amsterdam owns the 217.0.0.0 – 217.255.255.255 netrange.

Any imput as to who this kgpuser is…would be appreciative.

This discussion is locked

All Comments