My FTP site was being used to serve illegal files.

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Before anyone says how dumb I was for leaving ftp site wide open, just save
it. I've learned the lesson so lets move on. I notice one day that I had
acquired two new sub directories in the FTP root. I thought that a friend a
mine was just messing around, but I latter found out that this was not the
case. It just so happens that these directories contains about 5 movie rars.
The files were hidden under about 10 subdirectories. After discovering this
I went through a deleted all the files.

Here's the problem. One folder says that it contains files but they are
invisible and I cannot delete the parent subdirectory. I keep getting error
after error. Does anyone know of fix for this. I think that whomever placed
the files could have installed a service that is hiding the files. Is this
possible? Any help would be appreciated.
db
 
Graphics_master said:
Before anyone says how dumb I was for leaving ftp site wide open, just
save
it. I've learned the lesson so lets move on. I notice one day that I
had
acquired two new sub directories in the FTP root. I thought that a
friend a mine was just messing around, but I latter found out that
this was not the
case. It just so happens that these directories contains about 5
movie rars.
The files were hidden under about 10 subdirectories. After
discovering this
I went through a deleted all the files.

Here's the problem. One folder says that it contains files but they
are
invisible and I cannot delete the parent subdirectory. I keep getting
error
after error. Does anyone know of fix for this. I think that whomever
placed
the files could have installed a service that is hiding the files. Is
this
possible? Any help would be appreciated.
db
Click to expand...

It is completely possible and probable that there is a backdoor
installed. Best practices in this case are that you should back up your
data and flatten the system. Do not attach the newly installed server
to the Internet until protection is in place.

Malke
 
Graphics_master said:
Before anyone says how dumb I was for leaving ftp site wide open, just
save
it. I've learned the lesson so lets move on. I notice one day that I had
acquired two new sub directories in the FTP root. I thought that a friend
a
mine was just messing around, but I latter found out that this was not the
case. It just so happens that these directories contains about 5 movie
rars.
The files were hidden under about 10 subdirectories. After discovering
this
I went through a deleted all the files.

Here's the problem. One folder says that it contains files but they are
invisible and I cannot delete the parent subdirectory. I keep getting
error
after error. Does anyone know of fix for this. I think that whomever
placed
the files could have installed a service that is hiding the files. Is
this
possible? Any help would be appreciated.
db
Click to expand...

You could probably use BartPe to delete the files.

http://www.nu2.nu/pebuilder/

I agree with Malke's suggestion. It is likely a root kit has been installed.
Once a pc is compromised to that extent the quickest and surest way to make
sure it is clean is a format and reinstall.

Kerry
 
I had this happen on an FTP server on our system. Nothing I tried could get
rid of the folder, so had to do as Malke suggested and blew the thing away,
and made sure I had the thing very secure before putting it online again.

I found mine, because my throughput was through the roof from people
downloading the files. In my case it was music. Afterwards, I monitored
the activity on that server. The logs showed thousands of attempts a day to
access it. The people who set it up, must have advertised the location of
the files to everyone in the world.

Lesson well learned. :-)

BS
 
Thanks everyone. I blew it all away and started from scratch. I had movies
that are still in theaters on my machine. Cleaned all of that right up.
Thanks again
db
 
Back
Top