This is Anton Chuvakin's original blog (pre-Gartner) that I will now use to back up my Medium blog content (2023+)
Ooh - I think this is like "be careful extracting tar files as root" and "use caution with the rm command as root". Not to mention, don't let root login via FTP at all...
Oh dear, what did you delete?
That would be self-explanatory. (never do anything as root ;) But looking forward to your angle.
Come on!!!!! This post is labeled 'stupidity', but surely you have a better opinion of me than that! I don't even remember what FTP stands for anymore :-) This post will be about stupidity, but not mine. I was playing Sherlock Holmes this morning and going thru about 600MB of logs from an 0wned server. I was thinking really hard how it got 0wned and then I saw that its legitimate users were using FTP as 'root' (!) from a public wireless network (!) and I said 'Ahhhhhhh, I see' :-)
"This post will be about stupidity, but not mine." Spoilsport! That's something I'd like to see... :) Yes, sadly I do have a higher opinion of you than that, but we wanted to see proof that you were human! Still not convinced myself. ;)
Stupidity indeed; FTP uses plain text passwords for authentication; in a wireless (or otherwise public) environment, that is not the smartest thing to do.
Just FYI, my incident investigation story will come soon :-) I am still burrowing thru logs, seeing all sorts of "fun" and horrible things, many from .ro domains :-) Ah, the good old days when it was mostly the honeypots that were owned by Romanians...