Thursday, 2 July 2015

Hackers today

Today, someone uploaded a file to my publicly available FTP. That does nothing, of course; the file just sits there until I decide what to do with it.

It was an HTML file, and it said "we hack this site to pass a MSG we will fight to the end no matter what happen".

Well, what will happen is that I'll delete the file, and that's the end of it.

I get a lot of these - people upload files to my FTP, and when I look at them, I can see they're supposed to do something. Sometimes, they're supposed to give control of my server to anyone who accesses the file (but they can't access it, because you can upload but then you can't access the file, for obvious reasons). Sometimes the file is obfuscated, and I can't tell what it does unless I spend an hour or two analysing it, which I'm not going to do because I'm not that interested. I just delete it. Sometimes the file name indicates that it's pretending to be a JPG, because the filename ends in .jpg.php. Which makes it actually a PHP file, which wouldn't do anything even if I let people run it, because I don't run PHP, because it's such a security risk.

But this must, I guess, work sometimes, otherwise people wouldn't do it. They can't possibly be thinking that I'll just move the file to an accessible area without looking at it. So that means that there must be public FTPs available that you can upload to, and then people can immediately access what was uploaded.

So if you have an FTP that allows that, you'd better fix it.
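
One way to check an upload directory for the problems described above, as an added example that is not the author's own code. The function name `audit_upload_dir`, the extension lists and the web-root check are assumptions for illustration, and the sample files are constructed.

```python
import os
import stat
import tempfile

# Assumed lists for illustration; tune them for your own server.
SCRIPT_EXTS = {".php", ".phtml", ".asp", ".aspx", ".jsp", ".cgi", ".pl"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".pdf"}


def audit_upload_dir(upload_dir, web_root=None):
    """Return a sorted list of (relative_path, problem) findings."""
    findings = []
    upload_real = os.path.realpath(upload_dir)
    if web_root is not None:
        web_real = os.path.realpath(web_root)
        # Uploads under the web root can be fetched as soon as they land.
        if os.path.commonpath([upload_real, web_real]) == web_real:
            findings.append((".", "upload directory is inside the web root"))
    for root, _dirs, files in os.walk(upload_real):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, upload_real)
            exts = ["." + p for p in name.lower().split(".")[1:]]
            # The last extension decides how a server would treat the file.
            if exts and exts[-1] in SCRIPT_EXTS:
                if any(e in DECOY_EXTS for e in exts[:-1]):
                    findings.append((rel, "script disguised with a decoy extension"))
                else:
                    findings.append((rel, "server-side script extension"))
            # A drop box should not leave uploads readable by other accounts.
            if os.lstat(path).st_mode & stat.S_IROTH:
                findings.append((rel, "world-readable upload"))
    return sorted(findings)


def demo():
    """Build a constructed upload directory and audit it."""
    with tempfile.TemporaryDirectory() as web_root:
        incoming = os.path.join(web_root, "incoming")
        os.mkdir(incoming)
        for name, mode in (("holiday.jpg.php", 0o644), ("notes.txt", 0o600)):
            path = os.path.join(incoming, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        return audit_upload_dir(incoming, web_root)


if __name__ == "__main__":
    for rel, problem in demo():
        print(f"{rel}: {problem}")
```
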

