Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Oct 2001 15:21:18 +0000
From:      jslivko@4evermail.com <jslivko@4evermail.com>
To:        <tyuliev@e20.physik.tu-muenchen.de>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: 77M    ./var/ftp/incoming/                    com2/tagged 4
Message-ID:  <20011018192046.553B937B405@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Georgi,

Generally, that means that you've got a warez group sitting on your 
server, using it as a file repository for illegal software, etc. 
Generally, just deleting the directories and strengthening up 
security around FTPd should be enough to stop the intruders from 
doing much more. All in all, it's rather harmless from a hacking 
attempt point of view. -- Jonathan

--- Georgi Tyuliev <tyuliev@e20.physik.tu-muenchen.de> wrote:
> I am using FreeBSD-4.3 release and when I tried to make a telnet
> I got a message telling  that the filesystem is full. It appears 
that
> /var/ftp/incoming
> directory is filled maliciously by some attacker. Unfortunately I 
can
> not
> remove these files/directories, their behavior is strange.
> How one should proceed in such cases,
> Best regards,
> Dr. Georgi Tyuliev
> 
> Below is a part of the output from the commands:
> "du -h"
> 
> 497K    ./var/ftp/bin
> 4.0K    ./var/ftp/etc
> 1.0K    ./var/ftp/pub
> 1.0K    ./var/ftp/incoming/
> 1.0K    ./var/ftp/incoming/          com1
>  77M    ./var/ftp/incoming/                    com2/tagged 4 Lhotse 
by
> Xplosivo/filled by okunawa/tc2
>  77M    ./var/ftp/incoming/                    com2/tagged 4 Lhotse 
by
> Xplosivo/filled by okunawa
>  77M    ./var/ftp/incoming/                    com2/tagged 4 Lhotse 
by
> Xplosivo
>  77M    ./var/ftp/incoming/                    com2
>  77M    ./var/ftp/incoming
>  78M    ./var/ftp
>  84M    ./var
> and
> "ls -l"
> 
> drwxr-xr-x  2 ftp   operator  512 Oct 14 03:39
> drwxr-xr-x  3 ftp   operator  512 Oct 14 13:37                     
com2
> drwxr-xr-x  2 ftp   operator  512 Oct 14 13:33           com1
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011018192046.553B937B405>