I see regular hack attempts on our server using FTP. Most are obvious
scripts trying to gain access through known or perceived Unix
weaknesses. Many attempt multiple logons using the ADMIN or
ADMINISTRATOR logon ID. Others cycle through common first names with
multiple attempts, each with a different password, using the same logon ID
before moving on to the next. I once saw a script attempt this method
using more than a thousand permutations before it gave up and moved on.
Our security software on our i5 server trapped all of this activity and I
was able to trace the source IP address (assuming it is real) back to a
server in China.
Rich Loeber
Kisco Information Systems
http://www.kisco.com
--------------------------------------------------------------------------
Jim Franz wrote:
In my Apache logs I see an increasing nbr of
guess/scan of php files (we are not running any php)
/administrator/index3.php
/modules/My_eGallery/index.php
/phplive/help.php
/index1.php
/index.php
/PHP/includes/header.inc.php
/samPHPweb//common/db.php
config.inc.php
Jim
----- Original Message -----
From: <ChadB@xxxxxxxxxxxxxxxxxxxx>
To: "Security Administration on the AS400 / iSeries"
<security400@xxxxxxxxxxxx>
Sent: Monday, October 27, 2008 9:15 AM
Subject: Re: [Security400] Fw: Hack Attack - Let's guess mail file names(in
Domino).
Looks like the types of log entries you'll get from certain 'security scan'
type software packages or tools. Any possibility your network group was
doing some vulnerability testing? If not, looks like you got scanned by
someone 'outside'!
_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400) mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/security400.
midrange.com
