[Dshield] Warez Hackers

Paul Clarke paulclarke at clarkeworks.com
Sun Nov 4 21:24:31 GMT 2001


Clever, yes?  But not very bright (see below).

The  Warez hackers found my FTP server too and a couple of them created that
massive directory structure.  Cleverly, they create directory names that
match Windows pipes and so you cannot delete them - at least not directly.

Many thanks to Wayne Beckham (wbeckham at yahoo.com) who took the time to
document those WinNT commands to blow them away (I really had forgotten
those DOS commands - has it been that long?).

Now, back to those Warez hackers.

My FTP site is essentially private for my business and my pleasure.  I have
always maintained my /UPLOAD directory separate from download directories
and I never allow READ permission on the UPLOAD directory (unfortunately, I
did allow MKDIR <gulp>) so there is no way for them to get back (download)
what they put in UPLOAD.

One guy spent 13 hours uploading 2 DVD movies (theatre releases - how do
they get them?).  I bet he and the dozens he told about it in the newsgroup
were some pissed when they discovered they couldn't download them!

I have now removed WRITE DIRECTORY permisions and I think I'm rid of them.
I also implemented a QUOTA of 150Megs to further discourage them.

Paul Clarke


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20011104/99373cb5/attachment.htm


More information about the list mailing list