Date: Thu, 18 Oct 2001 15:21:18 +0000 From: jslivko@4evermail.com <jslivko@4evermail.com> To: <tyuliev@e20.physik.tu-muenchen.de> Cc: freebsd-questions@freebsd.org Subject: Re: 77M ./var/ftp/incoming/ com2/tagged 4 Message-ID: <20011018192046.553B937B405@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
Georgi, Generally, that means that you've got a warez group sitting on your server, using it as a file repository for illegal software, etc. Generally, just deleting the directories and strengthening up security around FTPd should be enough to stop the intruders from doing much more. All in all, it's rather harmless from a hacking attempt point of view. -- Jonathan --- Georgi Tyuliev <tyuliev@e20.physik.tu-muenchen.de> wrote: > I am using FreeBSD-4.3 release and when I tried to make a telnet > I got a message telling that the filesystem is full. It appears that > /var/ftp/incoming > directory is filled maliciously by some attacker. Unfortunately I can > not > remove these files/directories, their behavior is strange. > How one should proceed in such cases, > Best regards, > Dr. Georgi Tyuliev > > Below is a part of the output from the commands: > "du -h" > > 497K ./var/ftp/bin > 4.0K ./var/ftp/etc > 1.0K ./var/ftp/pub > 1.0K ./var/ftp/incoming/ > 1.0K ./var/ftp/incoming/ com1 > 77M ./var/ftp/incoming/ com2/tagged 4 Lhotse by > Xplosivo/filled by okunawa/tc2 > 77M ./var/ftp/incoming/ com2/tagged 4 Lhotse by > Xplosivo/filled by okunawa > 77M ./var/ftp/incoming/ com2/tagged 4 Lhotse by > Xplosivo > 77M ./var/ftp/incoming/ com2 > 77M ./var/ftp/incoming > 78M ./var/ftp > 84M ./var > and > "ls -l" > > drwxr-xr-x 2 ftp operator 512 Oct 14 03:39 > drwxr-xr-x 3 ftp operator 512 Oct 14 13:37 com2 > drwxr-xr-x 2 ftp operator 512 Oct 14 13:33 com1 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011018192046.553B937B405>