FTP Server--how are people finding me?

Hipnotic_Tranz · Post by **Hipnotic_Tranz** » Tue Jul 02, 2002 9:40 pm

I'm running an FTP server for my own personal use (mainly so if I go to a friends house and forget a .cfg file or something, I can easily get it). I'm lookin' at the log and am seeing a bunch of IP's I don't recognize (not any of my friends IPs) so how are these people finding my IP? I have it password protected but people still try to guess it or log-in anonymously and it's just annoying. I don't even know how they are finding my FTP server. I mean, I know it's not hard to find my IP but how many people really sit around and try to http://ftp.xxx.xxx.xxx for every IP they come across?

PreDatoR · Post by **PreDatoR** » Tue Jul 02, 2002 9:55 pm

chances are its just someone scanning your range for a open anonymous ftp server... It happens on the underground anonymous public servers are used to upload stuff too... then posted for others to download the stuff until a sysops finds it and deletes it... Don't ask me how i know... lol

Busby · Post by **Busby** » Tue Jul 02, 2002 9:59 pm

Basically, as Pred said, people are scanning ports and finding an open port 21 (probably) and then trying to login. I say that you should change your port to a weird port that most people wouldn't scan by default.

Hipnotic_Tranz · Post by **Hipnotic_Tranz** » Tue Jul 02, 2002 10:22 pm

Good idea, I'll just change the port # and see how things go. Thanks

NascarFool · Post by **NascarFool** » Tue Jul 02, 2002 11:24 pm

Were you using port 21 ? Also, are you running a firewall ?

Hipnotic_Tranz · Post by **Hipnotic_Tranz** » Wed Jul 03, 2002 12:18 am

Yes and Yes

NascarFool · Post by **NascarFool** » Wed Jul 03, 2002 12:34 am

Never use port 21. Not sure how high you can go, I have seen 5 digit ports. What firewall are you using ? I use Norton Internet Security and no one get's in unless I authorize the connection.

Busby · Post by **Busby** » Wed Jul 03, 2002 1:14 am

2121 works. Avoid p2p ports. i've seen 5 digit ports also. most games use 5 digit ports.

Hipnotic_Tranz · Post by **Hipnotic_Tranz** » Wed Jul 03, 2002 1:28 pm

I'm using ZoneAlarm Pro. I changed the port number and I haven't seen any weird IP's in the log, so it looks like it worked. Thanks

TruckStuff · Post by **TruckStuff** » Wed Jul 03, 2002 4:45 pm

Security through obscruity (i.e. changing ports for common services) is no security at all. Part of running an FTP server (or any server for that matter) that is connected to the internet is that people will find it and try to access it. That is why you have users, groups, etc. setup: to allow some people and deny others. While changing the port of the service may get you fewer "connection attempt from x.x.x.x" entires in your log files, it certainly will not prevent anyone from "finding" your server.

Hipnotic_Tranz · Post by **Hipnotic_Tranz** » Wed Jul 03, 2002 5:33 pm

Thats all I'm looking for though. I got tired of so many anonymous people tryin' to get in. I have passwords on all my users/groups because this server is for me and my friends only. I mean, the login/password I made for my friends is very simple and some even guessed it, thats why I wanted to find out how these people were finding me and if there was a way to "hide" myself, so to speak.

TruckStuff · Post by **TruckStuff** » Sat Jul 06, 2002 5:37 pm

If people are successfully guessing the passwords, you have another problem to worry about. Passwords that are easily guessed are extermely poor and defeat the entire purpose of having users and passwords. If someone can guess them correctly, you need to change them immediately. Passwords are your first line of defense and compromising them is how 95% of system breakins begin. Simply changing the port may keep the really stupid script kiddies out, but even a somewhat stupid script kiddie will get around that.

Besides, I like seeing all those access denied in my logs. Lets my know that my security measures are working the way they should.

Hipnotic_Tranz · Post by **Hipnotic_Tranz** » Sat Jul 06, 2002 9:21 pm

Well, the login/password for my friends group is very simple and I really didn't care that they cracked in (not at all surprised really). That group has no more access than to look at what I have and download it. They can't upload/rename/make directories/etc. I kept the login/password simple so my friends can remember it.

My account on the other hand has a fairly simple username but the password is one I doubt anybody could figure out. The only reason I set a username/password in my friends account in the first place was to keep these anonymous people away....then they started guessing and when they were finally getting in thats when I got fed up and was wondering how they found me in the first place.... ...thus my post began

Ever since my port change, I haven't seen one UIP (unidentified IP

) in my log, though.