Whereas there might be totally innocent explanations for most of the following, some attempts to log in as a "power user" and/or to create directories or files on our FTP server have been logged, apparently originating from the following IP addresses.
We list them here in the interest of helping to advise of possible "hack attacks" to others running FTP servers at the present time. Times shown are our local UK (Winter Time is the same as Greenwich Mean / Universal Time; Summer Time is forward one hour).
The majority seem to try to create a directory based on the local current numerical date and time suffixed by "p", and are most probably generated by "zombie computers".
A few seem different, and might possibly be more difficult to recognise.
2005-11-03 08:54:09 thru 13:42:49 202.107.245.017: 13,758 automated attempts to log in using various user names and passwords. 2006-01-08 13:54:46 thru 14:29:02 212.032.218.254: 6,365 automated attempts to log in using various passwords for user name "Administrator". 2006-03-02 16:40:11 thru 17:08:49 082.077.204.020: 12,145 automated attempts to log in using various user names and passwords. 2006-03-14 07:39:57 thru 07:50:49 080.053.143.212: 101 automated attempts at anonymous FTP. 2006-04-05 23:31:56 thru 23.54.55 024.166.148.167: 4,566 automated attempts to log in using various user names and passwords. 2006-04-07 10:33:17 thru 10:48:56 213.227.240.171: 38 automated attempts at anonymous FTP. 2006-04-11 22:47:19 thru 22:48:47 084.244.009.255: 786 automated attempts to log in using various passwords for user name "Administrator" (cut off in mid-flight). 2006-04-26 16:31:08 thru 16:31:35 084.128.231.008: 462 automated attempts to log in using various user names and passwords. 2006-04-29 12:16:56 thru 13:32:32 222.090.206.062: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-05-02 22:08:32 thru 22:11:30 211.039.131.040: 253 automated attempts to log in using various passwords for user name "Administrator". 2006-05-04 10:36:46 thru 11:00:54 211.182.058.002: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-05-06 11:00:34 thru 11:29:36 220.194.062.219: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-05-06 11:06:53 thru 11:18:37 063.245.203.008: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-05-08 22:23:46 thru 22:59:37 085.223.148.046: 1,713 automated attempts to log in using various passwords for user name "Administrator" (cut off in mid-flight). 2006-05-10 16:27:43 thru 16:51:45 221.148.123.219: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-05-12 22:03:33 thru 22:10:07 216.183.161.093: 389 automated attempts to log in using various passwords for user name "Administrator" (cut off in mid-flight). 2006-05-21 15:00:04 thru 15:13:40 200.035.163.219: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-06-05 22:18:59 thru 22:49:05 202.201.013.171: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-06-06 01:00:22 thru 01:10:32 219.224.099.009: 810 automated attempts to log in using various passwords for user name "Administrator" (cut off in mid-flight). 2006-06-12 20:06:56 thru 20:14:40 221.244.062.238: 711 automated attempts to log in using various passwords for user name "Administrator". 2006-06-13 14:28:57 thru 19:49:44 061.019.152.098: 16,189 automated attempts to log in using various user names and passwords. 2006-06-15 12:57:37 thru 19:50:15 202.082.054.154: 7,125 automated attempts to log in using various user names and passwords. 2006-06-20 12:07:36 thru 12:19:58 080.227.146.253: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-06-22 05:15:15 thru 10:40:37 202.028.025.082: 20,210 automated attempts to log in using various user names and passwords. 2006-06-23 21:17:45 thru 21:55:25 218.027.100.204: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-06-26 05:55:41 thru 05:58:59 062.075.224.142: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-07-01 00:10:30 thru 01:42:51 217.165.126.197: 551 automated attempts to log in using various passwords for user name "Administrator". 2006-07-06 09:24:29 thru 09:30:00 082.233.079.201: 37 automated attempts at anonymous FTP. 2006-07-10 00:13:18 thru 15:59:45 222.173.002.046: 23,608 automated attempts to log in using various user names and passwords, followed by attempt to delete directory "sarcaxxo". 2006-07-10 22:06:38 thru 23:55:44 202.162.034.021: 145 automated attempts to log in using various passwords for user name "Administrator". 2006-07-14 17:12:35 thru 18:11:18 087.074.004.205: 42,770 automated attempts to log in using various passwords for user name "Administrator". 2006-07-21 11:53:44 thru 12:04:27 221.135.057.242: 262 automated attempts to log in using various passwords for user name "Administrator". 2006-07-24 16:57:57 thru 18:46:27 069.115.005.075: 20,055 automated attempts to log in using various user names and passwords. 2006-07-28 23:41:43 thru 23:59:59 061.136.060.164: 1,440 automated attempts to log in using various passwords for user name "Administrator". 2006-07-29 00:00:00 thru 00:11:04 061.136.060.164: 2,317 automated attempts to log in using various passwords for user name "Administrator". 2006-07-29 12:39:54 thru 13:15:08 218.003.242.162: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-08-06 02:58:37 thru 14:55:59 083.018.009.030: 8,916 automated attempts to log in using various user names and passwords. 2006-08-09 05:24:33 thru 05:34:30 208.029.194.170: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-08-17 18:58:18 thru 19:06:40 069.065.022.004: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-08-18 04:03:39 thru 04:47:14 202.177.095.018: 692 automated attempts to log in using various passwords for user name "test". 2006-08-19 05:11:41 thru 07:54:18 217.009.089.005: 52,762 automated attempts to log in using various user names and passwords. 2006-08-19 16:39:27 thru 17:13:48 211.162.031.102: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-08-30 06:01:40 thru 06:29:46 211.152.033.166: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-08-31 06:28:26 thru 12:03:00 061.145.116.086: 17,773 automated attempts to log in using various user names and passwords. 2006-09-02 18:01:14 thru 21:53:30 081.018.071.202: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-09-04 09:31:06 thru 09:55:23 222.122.151.082: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-09-04 18:04:52 thru 18:12:09 081.003.160.038: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-09-04 19:36:46 thru 19:39:06 083.223.110.150: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-09-04 20:36:54 thru 25:20:26 203.200.022.226: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-09-05 00:00:09 thru 01:20:26 203.200.022.226: 769 automated attempts to log in using various passwords for user name "Administrator". 2006-09-13 01:59:50 thru 06:17:24 201.073.197.003: 3,794 automated attempts to log in using various passwords for user names "Administrator" and "tsinternetuser". 2006-09-15 05:11:44 thru 09:00:58 067.036.249.206: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-09-16 22:32:53 thru 28:25:49 202.072.189.029: 2,582 automated attempts to log in using various passwords for user names "Administrator" and "tsinternetuser". 2006-09-17 10:37:02 thru 10:39:35 195.068.017.212: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-09-17 11:10:13 thru 11:28:42 200.232.023.132: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-09-17 21:24:55 thru 30:34:31 220.194.054.219: 37,434 automated attempts to log in using various passwords for user name "Administrator". 2006-09-19 04:39:48 thru 05:13:01 216.136.087.194: 2,283 automated attempts to log in using various passwords for user name "Administrator". 2006-09-29 11:09:38 thru 14:41:47 083.206.243.051: 1,758 automated attempts to log in using various passwords for username "Administrator". 2006-10-01 06:55:43 thru 09:50:54 062.148.165.134: 16,537 automated attempts to log in using various usernames and passwords. 2006-10-05 03:15:13 thru 03:15:39 080.145.036.125: 49 automated attempts to log in using various usernames and passwords.
2005-04-09 13:24:09 212.122.206.051 050409152642p 2005-04-21 02:03:31 083.194.176.065 050421040640p 2005-05-01 15:14:35 083.194.174.009 050501171756p 2005-05-13 11:28:40 083.238.094.002 050513133153p 2005-05-17 13:56:35 212.122.206.051 050517160002p 2005-05-28 10:22:13 083.113.120.228 050528122535p 2005-06-06 17:26:38 062.195.071.243 050606193016p 2005-06-21 10:49:30 084.099.004.208 050621125332p 2005-07-27 10:09:16 068.060.077.140 050727062435p 2005-07-30 16:30:02 217.051.144.135 050730173410p 2005-08-11 09:04:15 085.234.194.017 050811110847p 2005-08-13 14:02:25 084.004.044.167 050813160831p 2005-08-21 07:38:35 084.160.163.059 050821094110p 2005-08-25 08:26:38 081.171.220.226 050825093148p 2005-08-26 08:44:06 207.234.225.080 050826104851p 2005-09-01 10:05:39 213.169.189.194 050901111605p 2005-09-01 10:05:40 213.169.189.194 050901111605p 2005-09-01 10:05:40 213.169.189.194 050901111605p 2005-09-21 17:43:31 217.017.139.027 050921200825p 2005-09-26 21:59:34 084.156.176.106 050927000447p 2005-10-19 23:27:38 084.182.221.197 051020013313p 2005-11-03 09:35:00 084.182.244.118 051103104039p 2005-12-03 23:08:18 213.039.138.006 051204001417p 2005-12-10 02:26:39 081.112.058.026 051210032623p 2005-12-10 22:52:32 082.051.016.030 051210235843p 2005-12-13 11:31:43 172.207.059.164 051213123747p 2005-12-14 06:14:26 083.192.238.215 051214072643p 2005-12-18 03:10:00 082.253.194.129 051217043852p 2005-12-24 20:32:04 083.221.068.136 051224213752p 2006-01-20 17:55:34 080.171.044.136 060120185743p 2006-02-07 01:33:59 216.125.035.201 060206192015p 2006-02-13 20:15:07 069.044.167.022 060213151634p 2006-02-20 09:34:47 084.131.119.010 060220103531p 2006-02-21 04:00:43 082.165.179.142 060220230109p 2006-04-01 14:39:14 085.025.130.148 060401163945p 2006-04-02 08:58:29 080.176.230.210 060402095849p 2006-04-17 08:38:15 082.165.186.084 060417013806p 2006-04-18 23:48:05 084.129.105.242 060419014804p 2006-04-24 15:10:13 216.191.217.003 060424171018p 2006-05-05 21:20:47 151.052.218.033 060505142040p 2006-05-19 21:07:33 194.186.226.005 060520010755p 2006-05-27 00:05:22 213.017.190.218 060527020528p 2006-07-08 12:15:25 213.039.214.071 060708141536p 2006-08-30 19:34:34 217.085.197.211 060830213355p 2006-08-30 19:34:38 217.085.197.211 060830213359p 2006-08-30 20:20:49 217.227.074.106 060830222049p 2006-09-13 04:48:02 206.051.229.168 060913064815p 2006-09-26 17:55:38 212.154.037.124 060926205541p
2005-05-12 02:06:26 082.067.110.102 _kurdt 2005-05-12 02:06:26 082.067.110.102 _kurdt 2005-05-12 02:06:26 082.067.110.102 _kurdt 2005-05-12 02:06:26 082.067.110.102 _kurdt 2005-05-12 02:06:27 082.067.110.102 _kurdt 2005-05-12 02:06:27 082.067.110.102 _kurdt 2005-05-12 02:06:27 082.067.110.102 _kurdt 2005-05-12 02:06:27 082.067.110.102 _kurdt 2005-05-12 02:06:27 082.067.110.102 _kurdt 2005-05-12 02:06:27 082.067.110.102 _kurdt 2005-05-12 02:06:28 082.067.110.102 _kurdt 2005-05-12 02:06:28 082.067.110.102 _kurdt 2005-05-12 02:06:28 082.067.110.102 _kurdt 2005-05-12 02:06:28 082.067.110.102 _kurdt 2005-05-12 02:06:28 082.067.110.102 _kurdt 2005-05-12 02:06:28 082.067.110.102 _kurdt 2005-05-12 02:06:29 082.067.110.102 _kurdt 2005-05-12 02:06:29 082.067.110.102 _kurdt 2005-05-12 02:06:29 082.067.110.102 _kurdt 2005-05-12 02:06:29 082.067.110.102 _kurdt 2005-05-12 02:06:29 082.067.110.102 _kurdt 2005-05-12 02:06:29 082.067.110.102 _kurdt 2005-05-12 02:06:30 082.067.110.102 _kurdt 2005-05-12 02:06:30 082.067.110.102 _kurdt 2005-09-04 15:02:15 084.060.218.230 /incoming/324406812 2005-09-04 15:02:15 084.060.218.230 /vti_pvt/324406812 2005-09-04 15:02:16 084.060.218.230 /pub/324406812 2005-09-04 15:02:16 084.060.218.230 /tagged/324406812 2005-09-04 15:02:16 084.060.218.230 /324406812 2005-09-17 19:15:58 081.057.169.170 /_vti_pvt/89893984 2005-09-17 19:16:00 081.057.169.170 /upload/89893984 2005-09-17 19:16:00 081.057.169.170 /home/89893984 2005-09-17 19:16:00 081.057.169.170 /public/89893984 2005-09-17 19:16:00 081.057.169.170 /pub/89893984 2005-09-17 19:16:00 081.057.169.170 /temp/89893984 2005-09-17 19:16:00 081.057.169.170 /wwwroot/89893984 2005-09-17 19:16:00 081.057.169.170 /cgi-bin/89893984 2005-09-17 19:16:00 081.057.169.170 /cgibin/89893984 2005-09-17 19:16:00 081.057.169.170 /incoming/89893984 2005-09-17 19:16:00 081.057.169.170 /in/89893984 2005-09-17 19:16:00 081.057.169.170 /_vti_cnf/89893984 2005-09-17 19:16:00 081.057.169.170 /_vti_txt/89893984 2005-09-17 19:16:00 081.057.169.170 /_vti_log/89893984 2005-09-17 19:16:00 081.057.169.170 /anonymous/89893984 2005-09-17 19:16:00 081.057.169.170 /outgoing/89893984 2005-09-17 19:16:01 081.057.169.170 /tmp/89893984 2005-09-17 19:16:01 081.057.169.170 /mailroot/89893984 2005-09-17 19:16:01 081.057.169.170 /ftproot/89893984 2005-09-17 19:16:01 081.057.169.170 /images/89893984 2005-09-17 19:16:01 081.057.169.170 /_private/89893984 2005-09-17 19:16:01 081.057.169.170 /usr/89893984 2005-09-17 19:16:01 081.057.169.170 /pub/incoming/89893984 2005-09-17 19:16:01 081.057.169.170 /public/incoming/89893984 2005-09-17 19:16:01 081.057.169.170 /anonymous/_vti_pvt/89893984 2005-09-17 19:16:01 081.057.169.170 /anonymous/incoming/89893984 2005-09-17 19:16:01 081.057.169.170 /anonymous/pub/89893984 2005-09-17 19:16:01 081.057.169.170 /anonymous/public/89893984 2005-09-17 19:16:01 081.057.169.170 /usr/incoming/89893984 2005-09-17 19:16:01 081.057.169.170 /com1/89893984 2005-09-17 19:16:02 081.057.169.170 /com2/89893984 2005-09-17 19:16:02 081.057.169.170 /com3/89893984 2005-09-17 19:16:02 081.057.169.170 /040910183125p/89893984 2005-09-17 19:16:02 081.057.169.170 /040924193255p/89893984 2005-09-17 19:16:02 081.057.169.170 /040924194307p/89893984 2005-09-17 19:16:02 081.057.169.170 /040903145448p/89893984 2005-09-17 19:16:02 081.057.169.170 /040905091823p/89893984 2005-09-17 19:16:02 081.057.169.170 /040907165515p/89893984 2005-09-17 19:16:02 081.057.169.170 /040924193254p/89893984 2005-09-17 19:16:02 081.057.169.170 /040924194359p/89893984 2005-09-17 19:16:02 081.057.169.170 /logFiles/89893984 2005-09-17 19:16:02 081.057.169.170 /includes/89893984 2005-09-17 19:16:02 081.057.169.170 /Email/89893984 2005-09-17 19:16:02 081.057.169.170 /adimages/89893984 2005-09-17 19:16:03 081.057.169.170 /transfer/89893984 2005-09-17 19:16:03 081.057.169.170 /search/_vti_cnf/89893984 2005-09-17 19:16:03 081.057.169.170 /lang/89893984 2005-09-17 19:16:03 081.057.169.170 /docs/89893984 2005-09-17 19:16:03 081.057.169.170 /NEW/89893984 2005-09-17 19:16:03 081.057.169.170 /NEW/images/89893984 2005-09-17 19:16:03 081.057.169.170 /PDF/89893984 2005-09-17 19:16:03 081.057.169.170 /system_logs/89893984 2005-09-17 19:16:03 081.057.169.170 /delevery_logs/89893984 2005-09-17 19:16:03 081.057.169.170 /cli_logs/89893984 2005-09-17 19:16:03 081.057.169.170 /ftpd_logs/89893984 2005-09-17 19:16:03 081.057.169.170 /ldap_logs/89893984 2005-09-17 19:16:03 081.057.169.170 /mail_logs/89893984 2005-09-17 19:16:03 081.057.169.170 /c:/89893984 2005-09-17 19:16:04 081.057.169.170 /d:/89893984 2005-09-17 19:16:04 081.057.169.170 /c:/WINDOWS/89893984 2005-09-17 19:16:04 081.057.169.170 /c:/winnt/89893984 2005-09-17 19:16:04 081.057.169.170 /Admin/89893984 2005-09-17 19:16:04 081.057.169.170 /IT_Services/89893984 2005-09-17 19:16:04 081.057.169.170 /TaGGed0/89893984 2005-09-17 19:16:04 081.057.169.170 /Data/89893984 2005-09-17 19:16:04 081.057.169.170 /050428114135p/89893984 2005-09-17 19:16:04 081.057.169.170 /SHARE1/89893984 2005-09-17 19:16:04 081.057.169.170 /BB/89893984 2005-09-17 19:16:04 081.057.169.170 /Exchange/89893984 2005-09-17 19:16:04 081.057.169.170 /users/89893984 2005-09-17 19:16:04 081.057.169.170 /uploads/89893984 2005-09-17 19:16:05 081.057.169.170 /dl/89893984 2005-09-17 19:16:05 081.057.169.170 /H/89893984 2005-09-17 19:16:05 081.057.169.170 C:/AEAT/89893984 2005-09-17 19:16:05 081.057.169.170 /050309025921p/89893984 2005-09-17 19:16:05 081.057.169.170 /D:/Site+FTP/Upload/89893984 2005-09-17 19:16:05 081.057.169.170 /woot/89893984 2005-09-17 19:16:05 081.057.169.170 /ftp/89893984 2006-07-10 15:59:47 222.173.002.046 sarcaxxo (attempted deletion) 2006-07-10 15:59:49 222.173.002.046 sarcaxxo (attempted deletion)
[End of document, updated to 5 October 2006]