• 0

Filezilla FTP Server - How can someone figure out what the accounts

Asked by AndyD,

 Share

Question

7 answers to this question

Recommended Posts

  • 0
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Yeah its fairly simple to try admin, root, testuser, billy, bobby, nobody, etc.. etc. They just run through the list trying random passwords as well.

Any ftp server you put on the net is going to see this noise.

What was this top secret username they found? - ftpuser? ;)

  • 0
Grand Master

n_K

Posted
Posted

For some reason the last half of my lastb log has no usernames or passwords :s but here's part of it to compare with;

aachu ssh:notty 122.55.83.138 Mon Aug 6 17:34 - 17:34 (00:00)

sales ssh:notty 211.155.233.147 Sun Aug 5 16:29 - 16:29 (00:00)

staff ssh:notty 211.155.233.147 Sun Aug 5 16:29 - 16:29 (00:00)

root ssh:notty 213.229.93.218 Sun Aug 5 13:31 - 13:31 (00:00)

root ssh:notty 184.105.154.38 Sun Aug 5 09:44 - 09:44 (00:00)

aaron ssh:notty 211.144.158.130 Fri Aug 3 14:20 - 14:20 (00:00)

root ssh:notty 31.222.158.83 Fri Aug 3 10:12 - 10:12 (00:00)

uucps ssh:notty 176.10.238.79 Thu Aug 2 07:34 - 07:34 (00:00)

root ssh:notty 86.140.51.159 Wed Aug 1 08:29 - 08:29 (00:00)

root ssh:notty 115.144.181.19 Wed Aug 1 01:37 - 01:37 (00:00)

root ssh:notty 203.162.163.160 Tue Jul 31 03:13 - 03:13 (00:00)

root ssh:notty 195.22.8.226 Tue Jul 31 02:45 - 02:45 (00:00)

root ssh:notty 119.254.88.100 Mon Jul 30 20:49 - 20:49 (00:00)

dpnroot ssh:notty 210.14.64.88 Mon Jul 30 14:34 - 14:34 (00:00)

root ssh:notty 210.14.64.88 Mon Jul 30 14:34 - 14:34 (00:00)

root ssh:notty 66.135.61.57 Sun Jul 29 11:52 - 11:52 (00:00)

root ssh:notty 210.14.64.68 Sun Jul 29 07:42 - 07:42 (00:00)

root ssh:notty 94.23.72.122 Sun Jul 29 00:40 - 00:40 (00:00)

root ssh:notty 213.206.86.210 Sat Jul 28 12:06 - 12:06 (00:00)

bin ssh:notty 213.206.86.210 Sat Jul 28 12:06 - 12:06 (00:00)

  • 0
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

what? See plenty of usernames there - sales, staff, root.

Where did you pull those logs? Yeah they can go on for hundreds if not thousands of attempts from the same IP. Which is why you normally don't allow username password auth on something you want to secure - unless your going to lock it down to source IP.

my ssh server is locked to public key auth only. And sshguard kills them after 4 attempts anyway to keep the logs cleaner.

Oct  1 00:15:43 ubuntu sshguard[1219]: Blocking 200.141.223.78:4 for >630secs: 40 danger in 4 attacks over 4 seconds (all: 40d in 1 abuses over 4s).
Oct  2 05:16:21 ubuntu sshguard[1219]: Blocking 211.155.229.103:4 for >630secs: 40 danger in 4 attacks over 1167 seconds (all: 40d in 1 abuses over 1167s).
Oct  2 10:37:04 ubuntu sshguard[1219]: Blocking 98.126.49.26:4 for >630secs: 40 danger in 4 attacks over 2 seconds (all: 40d in 1 abuses over 2s).
Oct  2 12:04:59 ubuntu sshguard[1219]: Blocking 211.144.158.130:4 for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s).
Oct  3 03:14:46 ubuntu sshguard[1219]: Blocking 187.5.66.12:4 for >630secs: 40 danger in 4 attacks over 39 seconds (all: 40d in 1 abuses over 39s).
Oct  3 15:34:39 ubuntu sshguard[1219]: Blocking 194.65.138.9:4 for >630secs: 40 danger in 4 attacks over 186 seconds (all: 40d in 1 abuses over 186s).
Oct  4 07:08:48 ubuntu sshguard[1219]: Blocking 210.118.169.5:4 for >630secs: 40 danger in 4 attacks over 26 seconds (all: 40d in 1 abuses over 26s).
Oct  4 08:24:41 ubuntu sshguard[1219]: Blocking 189.26.255.11:4 for >630secs: 40 danger in 4 attacks over 1 seconds (all: 40d in 1 abuses over 1s).
Oct  4 08:58:46 ubuntu sshguard[1219]: Blocking 91.205.189.15:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Oct  4 10:00:21 ubuntu sshguard[1219]: Blocking 201.83.151.207:4 for >630secs: 40 danger in 4 attacks over 171 seconds (all: 40d in 1 abuses over 171s).

  • 0
Grand Master

n_K

Posted
Posted

My server :p

I've got sshguard on but it isn't actually active because the traffics redirected to SNORT instead and I still haven't worked out how to reinject certain SNORT packets back into iptables to sshguard :/ although SNORT does seem to block access for about 20 minutes if more than 2 connections in that time happen, again not really sure why it does that but I'm fine with it doing that haha.

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Google Meet brings Gemini note-taking to AI Pro and Ultra subscribers

      By Karthik Mudaliar · Posted

      Google Meet brings Gemini note-taking to AI Pro and Ultra subscribers by Karthik Mudaliar Google's Gemini-powered "Take notes for me" feature inside Google Meet is now available to Google AI Pro and Ultra subscribers. The features work on Google Meet for web as well as on mobile, and Google says that subscribers can use it for meetings they host in many supported languages. As the name suggests, "Take notes for me" allows Gemini to listen to a meeting, generate a summary, identify action items, and save the notes as a Google Doc in the user’s Drive. After the meeting, the organizer receives an email recap with the summary and action items, while the notes can also be attached to the related Calendar event depending on the meeting setup and sharing settings. The feature isn't automatically turned on for everyone, though. Google says that all meeting participants are notified when note-taking is turned on, and users can start it from the pencil icon in Meet or enable it for future calls through Meet’s meeting records settings. For work or school accounts, administrators can also control whether the feature is available and may require explicit participant consent for note-taking, recording, or transcription features. The feature first launched back in 2024, when it was available just for selected Workspace users. Over the years, Google added refinements and more options, including the ability to enable it when scheduling meetings via Google Calendar. Google's support docs say that the feature currently supports English, French, German, Italian, Japanese, Korean, Portuguese, and Spanish, but only one language at a time. Meetings with multiple spoken languages are not currently supported, and Google recommends using the tool for meetings between 15 minutes and eight hours. The new feature makes Google Meet closer to its rivals that have AI tools already built in. Microsoft Teams has recently started offering Copilot and intelligent recap features that summarize meetings, surface highlights, and help with follow-ups, while Zoom’s AI Companion can also generate meeting summaries from desktop and mobile meetings.
    • GnuCash 5.16

      By Copernic · Posted

      GnuCash 5.16 by Razvan Serea GnuCash is a personal and small business finance application, freely licensed under the GNU GPL and available for GNU/Linux, BSD, Solaris, Mac OS X and Microsoft Windows. It’s designed to be easy to use, yet powerful and flexible. GnuCash allows you to track your income and expenses, reconcile bank accounts, monitor stock portfolios and manage your small business finances. It is based on professional accounting principles to ensure balanced books and accurate reports. GnuCash can keep track of your personal finances in as much detail as you prefer. If you are just starting out, use GnuCash to keep track of your checkbook. You may then decide to track cash as well as credit card purchases to better determine where your money is being spent. When you start investing, you can use GnuCash to help monitor your portfolio. Buying a vehicle or a home? GnuCash will help you plan the investment and track loan payments. If your financial records span the globe, GnuCash provides all the multiple-currency support you need. Between 5.15 and 5.16, the following bugfixes were accomplished: Bug 421610 - RFE: Include logical dates for View->Filter by "date range"The Select Range section of the Date tab of the register's Filter By dialog box is changed to provide relative, specific date, or days ago options for the start and end of the filter range. The Show number of days item label is changed to Show from days ago to better reflect what it does. Bug 436105 - esc key not working as expected in register: Enable the escape key to cancel a field edit. Bug 797384 - Gnucash doesn't handle commodity prices with big numerator/denominator properly. Bug 798004 - Next gen UI for stock transactions Bug 799314 - Add "enter now" option in scheduled transaction editor. tab to allow users to select the scheduled transactions to be included in a “Since Last Run…” window. If there are no instances of a selected transaction triggered by today’s date, the next instance is triggered. Bug 799751 - autocomplete crash Bug 799759 - Users can't Enable entries via Checkboxes on Scheduled Transactions PageAllow the Enabled box in the list of scheduled transactions to be operated instead of having to open the transaction editor dialog and change the Enabled checkbox. Also added use of the Name column as the secondary column sort for all the other columns. Bug 799762 - Poor handling of cases where hidden/placeholder accounts are used in the account register Bug 799766 - Double line preference not respected in search register Bug 799767 - POST /accounts in bindings/python/example_scripts/rest-api is broken Bug 799777 - `xaccSplitSetParent`: reparenting a committed split silently drops its KVP slots (online_id, cap-gains links) Other changes & improvements: Numeric values may now be selected to copy in the Accounts page. Add new Finance::Quote source Finnhub.io: Free API key (personal/non-professional use) available at https://finnhub.io. Set FINNHUB_API_KEY environment variable to API key to use this source. As of June 2026, free tier API limit is 60 API calls/minute. The Investment Lots report has new optional columns for Computed Annual Growth Rate. Python Bindings: Improved translation of primary object (Account, Transaction, Split, etc.) so that they can be treated as normal Python objects. This is accomplished with SWIG magic so no existing code is obsoleted. Python Bindings: Better conversion of GLists to Python lists. Python Bindings: Destroy the QofSession in the Python Session dtor to prevent leaving the database locked. [engine] Add first-class online_id accessors for Split and Account and make them available to Python bindings, removing the unused Transaction online_id property. Improve C++ implementation of QofBook. Correct the Doxygen doc for qof_instance_get/set_kvp. [gnc-log-replay.cpp] fix incorrect guid dump Add some Boost library requirements needed by libgnucash-guile to CMakeLists.txt so that missing feature will fail at configure time. Use Compile-time Regular Expressions instead of std::regex in gnc-filepath-utils.cpp and instead of boost::regex in the CSV importer, with the CTRE v3.11.1 header added to borrowed [gnc-filepath-utils.cpp] null check char* arguments Add ChartJS licenses. Removed AEX from list of commodities. euronext.com is now using JS based anti-webscraping. [report-core] always offer options summary in reports. This is useful to debug reports. The Add options summary option is removed because it's no longer optional. Remove remaining obsolete IMContext from sheet Fix blurry text in HiDPI offscreen-rendered widgets Add port field to database connection dialog: The convention of appending the port number after the host isn't obvious. When editing a split in the register treat the account as being changed only if it isn't the one selected before editing instead of if the user performed an edit Return immediately from qof_book_destroy if hash_of_collections is null. If qof_book_destroy is called on a QofBook* freshly created with qof_book_new (usually because it was used to create a session that now must be destroyed) it would try to empty the non-existent hash tables, crashing. Clean up Flathub metadata to solve warnings at flatpak build time. Be consistent in naming GncPluginPage and GncPluginPageRegister HTML: Remove unimplemented function declarations. [gnc-html.cpp] remove unused buggy string conversion functions Convert libgnc-html to C++ Apply -Wall -Werr -Wmissing-prototypes to C++ compilation on Windows and fix the resulting errors. New and Updated Translations: Arabic, Croatian, Danish, Dutch, German, Finnish, Hungarian, Korean, Norwegian-Bokmal, Spanish Download: GnuCash 5.16 | 176.0 MB (Open Source) Links: GnuCash Home page | Other Operating Systems | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Microsoft finally launches WSL Containers in public preview

      By David Uzondu · Posted

      Microsoft finally launches WSL Containers in public preview by David Uzondu Microsoft has announced that WSL containers, a feature that allows developers to run Linux containers natively inside Windows without the need for Docker Desktop, is now available in public preview several weeks after Microsoft previewed it at Build 2026. To use the new container feature, you first have to install the latest pre-release version of the Windows Subsystem for Linux by running a quick update command in your terminal: wsl --update --pre-release After installing, you'd get access to the new Linux container CLI (wslc.exe) and the programmable API. Microsoft said that the CLI has a "familiar format" that matches the toolsets developers already use every day. If you know standard Docker commands, your muscle memory will translate directly to wslc.exe, which even features a built-in alias called container.exe. You can quickly run a full Ubuntu KDE desktop container by exposing ports, or pass your graphics card straight into a machine learning environment to run PyTorch workloads. Passing the --gpus all flag inside the run command instantly links your hardware. Image via Microsoft As for the API, developers can now embed Linux container operations directly inside native Windows applications without exposing the command line to users. The team integrated the API directly into MSBuild and CMake, so developers can define container steps directly in project files. Apart from bringing the CLI and API into public preview, Microsoft also said that it's working on a new default file system called virtiofs to speed up file transfer rates between Windows and Linux. Microsoft also introduced an experimental networking mode named consomme, which resolves compatibility issues with corporate VPNs by routing Linux network traffic straight through Windows. One thing to note about WSL containers is that they don't run in your standard WSL distributions; instead, every application and CLI session spawns its own lightweight Hyper-V utility VM in the background. This basically reduces the chances of one app snooping on the container of another app.
    • Google reportedly limited Meta's Gemini access over limited AI compute

      By Karthik Mudaliar · Posted

      Google reportedly limited Meta's Gemini access over limited AI compute by Karthik Mudaliar Google is reportedly limiting Meta's use of its Gemini AI models after Meta tried buying more computing capacity than even Google could supply. According to the Financial Times, Google told Meta in March that it could not provide the full Gemini capacity that Meta had requested. This shortfall even disrupted and delayed some of Meta's internal projects. Due to this, Meta even told its employees internally to use AI tokens more efficiently. Meta wasn't the only one to get hit by this sudden refusal by Google; even other customers were affected. But Meta was hit harder because of its unusually high demand for Google's models. The move from Google makes it evident that companies all over are in limited supply of both infrastructure and compute. Alphabet said in April that Google Cloud revenue grew 63% year-over-year to $20 billion in the first quarter, helped by enterprise AI infrastructure and AI solutions. In pursuit of more compute, Meta had earlier signed a multi-billion-dollar AWS agreement as well as a large AMD GPU deal for AI data centers. But the crunch would be short-lived as both Meta and Google have also ramped up infrastructure investments heavily. Meta said in November that it was committing more than $600 billion in the U.S. by 2028 for AI technology, infrastructure, and workforce expansion. In the first quarter of this year, Meta also raised its expected capital expenditure for 2026 to a range of $125 billion to $145 billion, citing higher component pricing and additional data center costs for future capacity. However, this doesn't make the company immune to the current dependence on outside suppliers. Meta has also spent many years promoting Llama as an open-weight alternative to closed models from Google, OpenAI, and Anthropic. But if the reported reliance on Google's Gemini models is severe enough for internal work to get impacted, then it looks like even frontier labs and Big Tech aren't fully self-sufficient. Source: Financial Times
    • Samsung, Amazon extend 990 PRO 2TB NVMe SSD deal beyond Prime Day 2026

      By seeprime · Posted

      I like to reminisce about the good old days, way back in autumn 2025 when building a gaming machine was fun and the drives were about $150 when you caught a deal. Yes duh, back in the day we had it gone. Then baby Skynet came along, hiding in AI datacenters demanding more processing power until it reached singularity. End of a not totally fictional story.

  • Recent Achievements

    • Reacting Well
      NovaEdgeX earned a badge
      Reacting Well
    • Week One Done
      NovaEdgeX earned a badge
      Week One Done
    • One Year In
      BA the Curmudgeon earned a badge
      One Year In
    • Conversation Starter
      rosiecharles earned a badge
      Conversation Starter
    • First Post
      KMilenkoski1202 earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      533
    2. 2
      +Edouard
      269
    3. 3
      PsYcHoKiLLa
      150
    4. 4
      Steven P.
      98
    5. 5
      macoman
      66
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!