In last few weeks I was monitoring my FTP servers for repeated attacks against them. At the moment I was able to identify few different types of attack.
One of them successfully logged on to the FTP server with account that was created for this purpose. This time attack came from IP address 210.188.204.80 which according toAPNIC belong so Japan Network Information Center.
In the picture below, you can see successful authentication to the FTP server.
Note that password was edited out since I plan to use this account a bit longer :-).
Click image to enlarge
After successful authentication ftp client tried to erase a folder named "sarcaxxo" which does not exist on my server. After that they logged out of the system (picture below) and attack was over.
Click image to enlarge
I Googled the name "sarcaxxo" and found quite a few
references to it.
For my next post on these attacks, I will try to find out more about the other attack that I am frequently seeing.