Wednesday, August 29, 2007

Mysterious Post - To Be Explained Later

NEVER FTP as 'root' :-)

7 comments:

Anonymous said...

Ooh - I think this is like "be careful extracting tar files as root" and "use caution with the rm command as root". Not to mention, don't let root login via FTP at all...

Rob said...

Oh dear, what did you delete?

Alrudin said...

That would be self explanatory. (never do anything as root ;) But looking forward to your angle.

Anton Chuvakin said...

Come on!!!!! This post is labeled 'stupidity', but surely you have a better opinion of me than that!

I don't even remember what FTP stands for anymore :-)

This post will be about stupidity, but not mine. I was playing Sherlock Holmes this morning and going thru about 600MB of logs from an 0wned server. I was thinking really hard how it got 0wned and then I saw that its legitimate users using FTP as 'root' (!) from a public wireless network (!) and I said 'Ahhhhhhh, I see' :-)

Rob said...

"This post will be about stupidity, but not mine." Spoilsport! That's something I'd like to see... :)

Yes, sadly I do have a higher opinion of you than that, but we wanted to see proof that you were human!

Still not convinced myself. ;)

Anonymous said...

Stupidity indeed; FTP uses plain text passwords for authentication; in a wireless (or otherwise public) environment, that is not the smartest thing to do.

Anton Chuvakin said...

Just FYI, my incident investigation story will come soon :-) I am still burrowing thru logs, seeing all sorts of "fun" and horrible things, many from .ro domains :-) Ah, the good old days when it was mostly the honeypots that were owned by Romanians...

Dr Anton Chuvakin