


Security Incidents: Re: Strange FTP traffic...

Re: Strange FTP traffic...

From: Erik Tayler <erik_at_14X.NET>
Date: Fri, 29 Sep 2000 10:39:01 -0500

> Just looks like a check for a world writable incoming. I
> need to clear out the WaReZ puppies and VCD couriers every once in a
> while on this server, is this how they're finding me?

They are probably looking for a world-writable incoming directory so
they can gain remote-root access to your server. Which ftp
server/version are you running? Notice any strange happenings on your
server? It is doubtful that people would make a directory such as
.000925171453p just to store their warez. I very well could be wrong,
have you found warez residing in those directories? I doubt you found
anything in

. / s t a n l e y / l o o k e d / q u i t e / b o r e d / a n d / s o
m e w h a t / d e t a c h e d , b u t / t h e n / p e n g u i n s / o
f t e n / d o / . ssh@shn.nu . / / . http://projects.shn.nu/sean/ . /

Anyway, send more details about your server and such, you are probably
running ProFTPD or wu-ftpd, vulnerable or not, the kiddies don't know
the difference.

Erik Tayler
http://www.14x.net
http://www.digitaloffense.net
Received on Oct 01 2000
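
For an administrator following up on this thread, one way to audit an FTP root for the two things discussed (world-writable directories and names shaped like `.000925171453p`). This is an added example, not part of the original message; reading the digits as a YYMMDDhhmmss timestamp is an assumption, and the sample tree is constructed for illustration.

```python
import os
import re
import stat
import tempfile
from datetime import datetime

# Shape of the name quoted in the message (.000925171453p): dot, twelve
# digits, optional letter. Reading the digits as YYMMDDhhmmss is an assumption.
PROBE_NAME = re.compile(r"^\.(\d{12})[a-z]?$")

def looks_like_probe(name):
    m = PROBE_NAME.match(name)
    if not m:
        return False
    try:
        datetime.strptime(m.group(1), "%y%m%d%H%M%S")
    except ValueError:
        return False
    return True

def audit_ftp_root(root):
    """Return {relative_path: [reasons]} for directories that need review."""
    findings = {}
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            reasons = []
            if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if looks_like_probe(name):
                reasons.append("probe-style name")
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def build_sample_tree():
    """Constructed sample FTP root, not data from the thread."""
    root = tempfile.mkdtemp(prefix="ftproot-")
    for rel, mode in (("pub", 0o755), ("incoming", 0o777),
                      ("incoming/.000925171453p", 0o755)):
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    return root

if __name__ == "__main__":
    for path, reasons in sorted(audit_ftp_root(build_sample_tree()).items()):
        print(path, "->", ", ".join(reasons))
```

Point `audit_ftp_root` at the real FTP root to list the directories that anonymous users could write to and any leftover probe directories.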
