• 0

Filezilla FTP Server - How can someone figure out what the accounts

Asked by AndyD,

 Share

Question

7 answers to this question

Recommended Posts

  • 0
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Yeah its fairly simple to try admin, root, testuser, billy, bobby, nobody, etc.. etc. They just run through the list trying random passwords as well.

Any ftp server you put on the net is going to see this noise.

What was this top secret username they found? - ftpuser? ;)

  • 0
Grand Master

n_K

Posted
Posted

For some reason the last half of my lastb log has no usernames or passwords :s but here's part of it to compare with;

aachu ssh:notty 122.55.83.138 Mon Aug 6 17:34 - 17:34 (00:00)

sales ssh:notty 211.155.233.147 Sun Aug 5 16:29 - 16:29 (00:00)

staff ssh:notty 211.155.233.147 Sun Aug 5 16:29 - 16:29 (00:00)

root ssh:notty 213.229.93.218 Sun Aug 5 13:31 - 13:31 (00:00)

root ssh:notty 184.105.154.38 Sun Aug 5 09:44 - 09:44 (00:00)

aaron ssh:notty 211.144.158.130 Fri Aug 3 14:20 - 14:20 (00:00)

root ssh:notty 31.222.158.83 Fri Aug 3 10:12 - 10:12 (00:00)

uucps ssh:notty 176.10.238.79 Thu Aug 2 07:34 - 07:34 (00:00)

root ssh:notty 86.140.51.159 Wed Aug 1 08:29 - 08:29 (00:00)

root ssh:notty 115.144.181.19 Wed Aug 1 01:37 - 01:37 (00:00)

root ssh:notty 203.162.163.160 Tue Jul 31 03:13 - 03:13 (00:00)

root ssh:notty 195.22.8.226 Tue Jul 31 02:45 - 02:45 (00:00)

root ssh:notty 119.254.88.100 Mon Jul 30 20:49 - 20:49 (00:00)

dpnroot ssh:notty 210.14.64.88 Mon Jul 30 14:34 - 14:34 (00:00)

root ssh:notty 210.14.64.88 Mon Jul 30 14:34 - 14:34 (00:00)

root ssh:notty 66.135.61.57 Sun Jul 29 11:52 - 11:52 (00:00)

root ssh:notty 210.14.64.68 Sun Jul 29 07:42 - 07:42 (00:00)

root ssh:notty 94.23.72.122 Sun Jul 29 00:40 - 00:40 (00:00)

root ssh:notty 213.206.86.210 Sat Jul 28 12:06 - 12:06 (00:00)

bin ssh:notty 213.206.86.210 Sat Jul 28 12:06 - 12:06 (00:00)

  • 0
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

what? See plenty of usernames there - sales, staff, root.

Where did you pull those logs? Yeah they can go on for hundreds if not thousands of attempts from the same IP. Which is why you normally don't allow username password auth on something you want to secure - unless your going to lock it down to source IP.

my ssh server is locked to public key auth only. And sshguard kills them after 4 attempts anyway to keep the logs cleaner.

Oct  1 00:15:43 ubuntu sshguard[1219]: Blocking 200.141.223.78:4 for >630secs: 40 danger in 4 attacks over 4 seconds (all: 40d in 1 abuses over 4s).
Oct  2 05:16:21 ubuntu sshguard[1219]: Blocking 211.155.229.103:4 for >630secs: 40 danger in 4 attacks over 1167 seconds (all: 40d in 1 abuses over 1167s).
Oct  2 10:37:04 ubuntu sshguard[1219]: Blocking 98.126.49.26:4 for >630secs: 40 danger in 4 attacks over 2 seconds (all: 40d in 1 abuses over 2s).
Oct  2 12:04:59 ubuntu sshguard[1219]: Blocking 211.144.158.130:4 for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s).
Oct  3 03:14:46 ubuntu sshguard[1219]: Blocking 187.5.66.12:4 for >630secs: 40 danger in 4 attacks over 39 seconds (all: 40d in 1 abuses over 39s).
Oct  3 15:34:39 ubuntu sshguard[1219]: Blocking 194.65.138.9:4 for >630secs: 40 danger in 4 attacks over 186 seconds (all: 40d in 1 abuses over 186s).
Oct  4 07:08:48 ubuntu sshguard[1219]: Blocking 210.118.169.5:4 for >630secs: 40 danger in 4 attacks over 26 seconds (all: 40d in 1 abuses over 26s).
Oct  4 08:24:41 ubuntu sshguard[1219]: Blocking 189.26.255.11:4 for >630secs: 40 danger in 4 attacks over 1 seconds (all: 40d in 1 abuses over 1s).
Oct  4 08:58:46 ubuntu sshguard[1219]: Blocking 91.205.189.15:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Oct  4 10:00:21 ubuntu sshguard[1219]: Blocking 201.83.151.207:4 for >630secs: 40 danger in 4 attacks over 171 seconds (all: 40d in 1 abuses over 171s).

  • 0
Grand Master

n_K

Posted
Posted

My server :p

I've got sshguard on but it isn't actually active because the traffics redirected to SNORT instead and I still haven't worked out how to reinject certain SNORT packets back into iptables to sshguard :/ although SNORT does seem to block access for about 20 minutes if more than 2 connections in that time happen, again not really sure why it does that but I'm fine with it doing that haha.

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Display Driver Uninstaller (DDU) 18.1.5.5

      By Copernic · Posted

      Display Driver Uninstaller (DDU) 18.1.5.5 by Razvan Serea Display Driver Uninstaller (DDU) is a utility for completely removing AMD/NVIDIA/INTEL graphics drivers and related packages from your system, attempting to eliminate all leftovers (including registry entries, folders and files, driver store). Though AMD/NVIDIA/INTEL drivers can usually be removed via the Windows Control Panel, this uninstaller tool was created for situations where standard uninstall fails, or when you need to fully remove NVIDIA or ATI graphics card drivers. After using this driver cleaner, your system will behave as though it’s the first time you’re installing a new driver—similar to a fresh Windows installation. As with all such tools, we recommend creating a restore point beforehand, allowing you to undo changes if issues arise. If you're having trouble installing an older or newer driver, try it—there are reports that it resolves such problems. Recommended usage: The tool can be used in Normal mode but for absolute stability when using DDU, Safemode is always the best. Make a backup or a system restore (but it should normally be pretty safe). It is best to exclude the DDU folder completely from any security software to avoid issues. You do NOT need to uninstall the driver prior using DDU. Requirements: .NET Framework 4.8 Compatible with Windows 7, 8, 8.1, 10, and 11 (32-bit or 64-bit) Note: Using on Insider Preview builds is at your own risk. Display Driver Uninstaller (DDU) 18.1.5.5 changelog: Added 'Reset to recommended' button for the Options. General fixes and improvements. Download: Display Driver Uninstaller (DDU) 18.1.5.5 | 1.7 MB (Freeware) Download: DDU Portable | 1.2 MB Links: Display Driver Uninstaller Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • WACUP 1.99.51.24568 Preview

      By Copernic · Posted

      WACUP 1.99.51.24568 Preview by Razvan Serea WACUP (WinAmp Community Update Project) is a modern, enhanced version of the classic Winamp music player, designed for better stability, performance, and compatibility. Built for Windows, WACUP retains the familiar Winamp interface while adding 64-bit support, bug fixes, and new features like improved audio format support, customizable skins, and optimized playlist management. Unlike bloated alternatives, WACUP focuses on lightweight performance and regular updates, making it the best choice for fans of the classic Winamp experience. Basically, if you miss the good old days of Winamp and want a modern upgrade that doesn’t mess things up, WACUP is for you! WACUP key features: Classic Winamp Feel – Keeps the familiar interface and functionality. Bug Fixes & Stability – Fixes old Winamp issues and improves performance. 64-Bit Support – Works better on modern systems. More Formats & Plugins – Supports additional audio formats and third-party plugins. Customizable UI – Skins and tweaks for a personalized look. Better Library Management – Improved playlists, media organization, and search. No Bloat – Focuses on performance without unnecessary extras. Regular Updates – Community-driven development with new features and fixes. WACUP 1.99.51.24568 Preview changelog: Fixed a deadlock seen from the recent crash reports when doing some of the drag + drop actions within the media library window Fixed a loading crash seen related to a problem with some of the artwork cache image files being restored which should now be better handled allowing for the bad image to be removed without it failing Fixed a deadlock seen from the recent crash reports when the internal metadata cache clearing is triggered which could block the main ui thread for too long with this now being moved to a background thread Fixed some performance issues with some of the methods related to determining artwork support which mainly affected the local library import / refresh (this is still slower for some compared to other players because there's more data & artwork aspects being checked for which means doing more processing on a single file despite the best of attempts to reduce duplicate / heavy processing where possible) Fixed a crash with the JTFE based missing files hotkey which no one seems to have used for an age for this to appear (maybe it's time to seriously consider stripping out features that aren't being used) Fixed how some of the file types which use extra information to reference their sub-songs is handled which was preventing some from being correctly resolved back to their base file (noticed fixing above) Fixed an issue with the handling of files with underscores in their filepath which wasn't being correctly handled causing some of the filename to be lost when shown as the title if title reading is delayed Fixed a few things that might be behind NotSoDirect not being stable for some setups though am still not certain that the changes done for this are going to fully resolve the problem from the crash reports Fixed the OS toast handling when there's no prior shortcut in the OS start menu to now create the shortcut (needed to allow the yes/no buttons for the new build / post-release toast) to be done as a hidden one so it's less likely to cause annoyance for those not wanting to see it whilst still allowing this less than ideal OS api implementation requirement to be met to avoid toasts without the needed buttons Fixed a regression when moving from taglib1 to taglib2 which broke some of the handling in place to allow for external programs to still access files when wacup has a held open cached instance of the file Everything else Updated cppwinrt (gen_win10shell.dll) to 3.0.260520.1 (26 May 2026) Updated libcurl (libcurl.dll) to 8.2.1 (24 Jun 2026) Updated Monkey's Audio (in_ape.dll) to 13.15 (28 Jun 2026) Updated mpg123 (mpg123.dll) to 1.33.6 (6 Jun 2026) Updated OpenSSL (libcurl.dll) to 3.5.7 (9 Jun 2026) Updated pugixml to 1.16 (16 Jun 2026) Updated taglib (tag2.dll) to 2.3.0 (11 May 2026) Updated vgmstream (in_vgmstream.dll) to the latest Git commit from 28 Jun 2026 Download: WACUP 64-bit | 9.6 MB (Freeware) Download: WACUP 32-bit View: WACUP Website | Screenshots Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Dbrand thought they could get away with this Steam Machine case, Valve disagreed

      By Doli · Posted

      "over a thousand engineering hours" and started selling it but could not take a couple of minuets to send an AI email to ask permission. What an expensive lesson.
    • Can't access the forum on mobile

      By WITHOUT-ME · Posted

      just tested it yesterday, a simple page with autoloading ADS takes 60mb....just 1 page for 60 megabytes.   poor people with a limited internet never will visit neolose
    • Tor Browser 15.0.17

      By Copernic · Posted

      Tor Browser 15.0.17 by Razvan Serea Protect your privacy. Defend yourself against network surveillance and traffic analysis. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody from watching your Internet connection and learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked. The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained. Tor Browser 15.0.17 changelog: All Platforms Updated Tor to 0.4.9.11 Updated NoScript to 13.6.25.1984 Build System / All Platforms Bug tor-browser-build#41821: Update gpg subkeys for boklm Bug tor-browser-build#41827: Update morgan's keychain with renewed key Download: Tor Browser (64-bit) | Tor Browser (32-bit) | 109.0 MB (Open Source) View: Tor Browser Website | Other Operating Systems Get alerted to all of our Software updates on Twitter at @NeowinSoftware

  • Recent Achievements

    • Reacting Well
      Wakeen1966 earned a badge
      Reacting Well
    • Rookie
      Almohandis went up a rank
      Rookie
    • Apprentice
      jahara21 went up a rank
      Apprentice
    • Reacting Well
      NovaEdgeX earned a badge
      Reacting Well
    • Week One Done
      NovaEdgeX earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      528
    2. 2
      +Edouard
      265
    3. 3
      PsYcHoKiLLa
      147
    4. 4
      Steven P.
      99
    5. 5
      macoman
      55
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!