I see regular hack attempts on our server using FTP. Most are obvious
scripts trying to gain access through known or perceived Unix
weaknesses. Many attempt multiple logons using the ADMIN or
ADMINISTRATOR logon ID. Others cycle through common first names with
multiple attempts, each with a different password, using the same logon ID
before moving on to the next. I once saw a script attempt this method
using more than a thousand permutations before it gave up and moved on.

Our security software on our i5 server trapped all of this activity and I
was able to trace the source IP address (assuming it is real) back to a
server in China.

Rich Loeber
Kisco Information Systems
http://www.kisco.com

--------------------------------------------------------------------------

Jim Franz wrote:

In my Apache logs I see an increasing nbr of
guess/scan of php files (we are not running any php)
/administrator/index3.php
/modules/My_eGallery/index.php
/phplive/help.php
/index1.php
/index.php
/PHP/includes/header.inc.php
/samPHPweb//common/db.php
config.inc.php

Jim

----- Original Message -----
From: <ChadB@xxxxxxxxxxxxxxxxxxxx>
To: "Security Administration on the AS400 / iSeries"
<security400@xxxxxxxxxxxx>
Sent: Monday, October 27, 2008 9:15 AM
Subject: Re: [Security400] Fw: Hack Attack - Let's guess mail file names(in
Domino).



Looks like the types of log entries you'll get from certain 'security scan'
type software packages or tools. Any possibility your network group was
doing some vulnerability testing? If not, looks like you got scanned by
someone 'outside'!





_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400) mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.
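
The scan pattern Jim describes (requests for .php files on a server that runs no PHP) can be pulled out of an access log per client. The following is an added example, not part of the original messages: it assumes Apache common/combined log format, the function name and threshold are hypothetical, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Apache common/combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not taken from the thread's logs.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Oct/2008:09:01:11 -0400] "GET /administrator/index3.php HTTP/1.1" 404 209
203.0.113.7 - - [27/Oct/2008:09:01:12 -0400] "GET /modules/My_eGallery/index.php HTTP/1.1" 404 214
203.0.113.7 - - [27/Oct/2008:09:01:12 -0400] "GET /phplive/help.php HTTP/1.1" 404 205
203.0.113.7 - - [27/Oct/2008:09:01:13 -0400] "GET /samPHPweb//common/db.php?x=1 HTTP/1.1" 404 212
198.51.100.23 - - [27/Oct/2008:09:02:40 -0400] "GET /index.html HTTP/1.1" 200 5120
198.51.100.23 - - [27/Oct/2008:09:02:41 -0400] "GET /index.php HTTP/1.1" 404 201
this line is malformed and must be skipped
"""


def php_probes_by_client(lines, threshold=3):
    """Return {client: sorted distinct .php paths} for clients at or above threshold.

    Only requests answered 404 are counted: on a host with no PHP installed,
    every such request is a guess, so the number of distinct paths per client
    separates a scanner from a visitor who followed one stale link.
    """
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue  # unparseable line, or a request that was actually served
        path = m["path"].split("?", 1)[0]  # drop any query string
        if path.lower().endswith(".php"):
            seen[m["host"]].add(path)
    return {h: sorted(p) for h, p in seen.items() if len(p) >= threshold}


if __name__ == "__main__":
    for host, paths in php_probes_by_client(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: {len(paths)} distinct .php probes")
        for p in paths:
            print("   ", p)
```
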





This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].