Results 1 to 4 of 4

Thread: FTP Usage

  1. #1
    Junior Member
    Join Date
    Sep 2001

    FTP Usage

    Okay...made the mistake of leaving anonymous ftp usage open on a Win2k server box and opening up the firewall to forward that port. Well, needless to say, I got compromised. I have logs up the yin-yang with all the users. Anyways, I noticed that when it was compromised, the users put in their own directories. Here's an example...


    Well, I have about seven different directories that are named with reserved names. So, I can't delete them. Anyone know a way to get rid of them?

    Thanks in advance!

  2. #2
    Senior Member
    Join Date
    Oct 2001
    You could delete them if you used a Linux distro on CD, but I'm guessing you use NTFS and Write support for NTFS is very temperamental in Linux, so thats probably not a good idea.

    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)

  3. #3
    Senior Member
    Join Date
    Jul 2001
    While logged in as administrator

    Take ownership of those folders.

    Once you have ownership, make sure that you give administrator(or whoever you are logged in as) full controll.

    You may need to stop the FTP service(not sure)

    then from a cmd prompt, you should be able to delete them, failing that, you should be able to rename those folders to something else, and then delete them.

    I had a friend have the same thing happen. It was quite a while ago, but I think that is what he had to do.

    Good Luck,


    p.s. I would consider getting your critical data off, and wipe and reinstall the OS then make sure you have full patches, etc.. etc... I dont know any way for someone to further compromise your box with anonymous ftp access, but that means, I dont know. I do know that I wouldnt trust a box that had been compromised, even if it appeared to only be compromised for hosting pr0n or ripped dvd's on ftp...

  4. #4
    Senior Member
    Join Date
    Nov 2001
    with the orn.hp.lasterjet one, if you were to use the command
    "deltree *.*.*", that may work. Just use wildcards instead of the real directory names.
    and for the .nul one, because you probably have several folders with the period infront of it, try:
    "deltree .nu?". I don't know if they will work, but I guess it's worth a try.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts