My FTP server just got brute forced


Postby kostyanj » Fri Apr 11, 2003 6:37 pm

I'm a dumbass. I just did a clean reinstall of my OS and the FTP server and forgot to set the options for anti-hammer and password attempts. My server just got brute forced. Luckily I stopped it in time, before anything was damaged or deleted. I changed passwords, set up anti-hammering, and blocked the IP address that it was coming from.

Goddamn, I'm so pissed at myself.
kostyanj
Admin
Posts: 836
Joined: Thu Feb 27, 2003 4:08 am
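
The anti-hammer and password-attempt limits mentioned in the post above amount to counting failed logins per source address and refusing that address for a while once it crosses a threshold. The sketch below is an added example, not part of the original post and not the code of any FTP server named in this thread; the log format, thresholds and addresses are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: date, time, client IP, user, FTP reply code).
# 530 = "Not logged in" (failed login), 230 = "User logged in".
SAMPLE_LOG = """\
2003-04-11 18:20:01 198.51.100.7 admin 530
2003-04-11 18:20:02 198.51.100.7 admin 530
2003-04-11 18:20:03 203.0.113.5 kostya 530
2003-04-11 18:20:04 198.51.100.7 admin 530
2003-04-11 18:20:05 198.51.100.7 admin 530
2003-04-11 18:20:06 198.51.100.7 admin 230
2003-04-11 18:25:00 203.0.113.5 kostya 230
2003-04-11 18:31:00 198.51.100.7 admin 530
"""

def anti_hammer(log, max_failures=3, window=timedelta(seconds=60),
                ban=timedelta(minutes=10)):
    """Replay a log and return (bans, refused).

    bans:    (ip, time) for each moment an IP reached max_failures within window
    refused: log lines that arrived while their source IP was banned
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failed logins
    banned_until = {}               # ip -> time at which the ban expires
    bans, refused = [], []
    for line in log.splitlines():
        date, clock, ip, user, code = line.split()
        ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        if ip in banned_until and ts < banned_until[ip]:
            refused.append(line)    # dropped before any password is checked
            continue
        if code != "530":
            continue                # only failed logins count toward the limit
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()        # forget failures older than the window
        if len(recent) >= max_failures:
            banned_until[ip] = ts + ban
            bans.append((ip, ts))
            recent.clear()
    return bans, refused
```

On the sample log the hammering address is banned at its third failure, so its later attempt with a working password is refused without being evaluated, while the user who mistyped once is unaffected.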

Postby wacky-sung » Fri Apr 11, 2003 8:41 pm

Oh, I am so sad to hear that your FTP server was hacked into. Well, I did tell you before about your vulnerability, didn't I! Luckily no damage was done; be cautious next time. My FTP server used to be broken into by people in spite of having anti-hammer turned on, and the FTP server I use is SERV-U, which has had a lot of exploits found in it, even in the current version, which is not stated.
wacky-sung
End-Loser
Posts: 68
Joined: Mon Apr 07, 2003 4:30 am

Postby kostyanj » Fri Apr 11, 2003 8:45 pm

Serv-U is a bunch of sh*t. For Windows, I use Bulletproof. For Linux, I use pro-ftpd. The latest version of Bulletproof is pretty secure.

It's not like there was an exploit in the software, it was just brute forced. And that was my fault anyways.

Postby wacky-sung » Fri Apr 11, 2003 8:52 pm

Oh yeah, I personally think that Bulletproof is a good choice too. The problem is that for those who are new to setting up an FTP server, I will still recommend using Serv-U. After they get to know how to set one up, I will tell them to move on to Bulletproof FTP server. Bulletproof FTP server is simply much more complex than Serv-U for a newbie.

Postby kostyanj » Fri Apr 11, 2003 8:56 pm

wacky-sung wrote: Oh yeah, I personally think that Bulletproof is a good choice too. The problem is that for those who are new to setting up an FTP server, I will still recommend using Serv-U. After they get to know how to set one up, I will tell them to move on to Bulletproof FTP server. Bulletproof FTP server is simply much more complex than Serv-U for a newbie.

It's a matter of personal opinion. Bulletproof was the first one that I ever used. It's like people with their preferences of Linux. Some people swear by Red Hat whereas other people only use Debian.

Postby insecurepc » Fri Apr 11, 2003 8:59 pm

Is Bulletproof some IDS or something else?
insecurepc
End-Loser
Posts: 56
Joined: Wed Apr 09, 2003 9:51 pm

Postby wacky-sung » Fri Apr 11, 2003 9:04 pm

insecurepc wrote: Is Bulletproof some IDS or something else?

Bulletproof is a Windows FTP server.

Homepage
http://www.bpftp.com/overview.php?header=overview

Description
This extensive (but by no means complete) list of features is the reason why BulletProof FTP is considered to be the best FTP client around. Check out the awards page if you don't believe us :)

Download files in any order, from any directory on an FTP site. 

Automatically reconnect and resume from where it left off if the connection is lost, or no data is received for a specified period of time. This works with uploading as well! 

Browse the FTP site from the cache while off line or transferring - this does not open another connection to the FTP server like other FTP clients. 

List hidden files 

Leech mode - on FTP servers that have a specified limit that you can download, Bullet Proof FTP can disconnect, reconnect and keep downloading automatically when your download credit runs out.

Monitor the clipboard, and when an ftp or http (web site) url is copied into it, it can instantly connect to the appropriate site in the background and start transferring. 

Queue files on more than one site for download. 

Program Control Developers of other apps can easily add support for controlling BPFTP. 

Proxy/firewall support 

HTTP downloading with support for redirected URLs 

Local file listing with rename/delete/make directory support 

Import site listings from Cute FTP, WS_FTP, and FTP Explorer. With Cute FTP and FTP Explorer, the passwords are also imported. 

Remote mirroring - BPFTP will automatically download new files, resume half-downloaded files, and skip files you already have. You can download entire sites. 

Windows95-style file finding ability, i.e., enter a wildcard and other details about a file, and BPFTP will search an entire FTP site and download every file that matches.

Plus pretty much everything else you'd expect in an FTP client, and a few things you wouldn't. And it's a very small download, NO extra support files/DLLs needed.

Postby kostyanj » Fri Apr 11, 2003 9:32 pm

wacky-sung wrote:
insecurepc wrote: Is Bulletproof some IDS or something else?

Bulletproof is a Windows FTP server.

Homepage
http://www.bpftp.com/overview.php?header=overview

Those are all features of the client; I'm running the server.