[nsp-sec] NACK for AS217 Re: 12k probably compromised FTP accounts
Brian Eckman
eckman at umn.edu
Wed Apr 2 13:18:56 EDT 2008
Tom Fischer wrote:
> ----------- nsp-security Confidential --------
>
> Hi,
>
> attached (the first part) of a list of probably compromised
> FTP accounts. The data is based on an iframer toolkit
> (a toolkit which uses stolen FTP credentials to add iframes/JavaScript/...).
>
> I've removed the ftp passwords for obvious reasons.
> The data is not verified.
>
> ASN | ip address | ftp server | login
> 217 | 128.101.36.204 | ftp.cs.umn.edu |ftp
'ftp' allows typical anonymous access. Uploads can only be made to
writable-and-not-readable directories. There hasn't been a Web server on
this host for about a year.
If there is malicious content that is readable by
More information about the nsp-security
mailing list