Ftp Hijacked?!

Status
Not open for further replies.

steverbs

Programmer
Jul 17, 2003
253
GB
Hi all.

I have just found a whole load of what look to be illegal files (they look like music and movie files) on one of our webservers' Ftp_root dirs. There's a folder which apparently has no name that can not be deleted and there are a whole other bunch of oddly named folders like:
" .com1"
" .com3"
" .com4"
etc and they contain about 7 GB of data. I've now deleted most of them but some can not be deleted. When I try to delete them, I get the messages "Can not delete [filename]. Make sure the disk is not full or write protected..." or "Can not read from the source file or disk". Also, I have found that an unknown user account had been added to the permissions for the Default Ftp Site. The account showed as something like "?unknown account 17687689kjggkj", which did not show up under the user accounts, only in the Ftp site's permissions.

So, how can I delete these files and is there any way to stop this happening again?

Thanks in advance for your help.

Steve.
 
Steverbs-
Did you ever get this solved? We've had this happen as well. We've had folders show up with no name at all but just full of files. Go to a command prompt, change directory to where the files are that you want to delete, enter the command dir /x. This displays folder names not entered in the "8.3" format. You can then delete the folder with the RD command. If it says that the folder is not empty, then you will have to drill down and delete what you can from that folder via explorer. Sometimes, I have to do a restart into safe mode to get them all deleted.
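An added example, not part of the original thread or any poster's own code: it lists the names under an FTP root that match the patterns described above (blank names, leading or trailing spaces, and DOS device names such as COM1) so they can be reviewed before cleanup. The function names and sample names are constructed for illustration, and the device-name test is a deliberately broad heuristic.

```python
import os
import re

# DOS device names reserved by Win32 (CON, PRN, AUX, NUL, COM1-9, LPT1-9).
DEVICE_NAME = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.IGNORECASE)


def classify_name(name):
    """Return a list of reasons this name is likely to resist Explorer deletion."""
    if name.strip(" .") == "":
        return ["blank"]  # only spaces/dots: displays as a folder with no name
    reasons = []
    if name[0] == " ":
        reasons.append("leading-space")
    if name[-1] in " .":
        reasons.append("trailing-space-or-dot")
    # Heuristic (assumption): flag a device name in any dot-separated part,
    # which covers names such as " .com1" as well as "com1" or "com1.txt".
    if any(DEVICE_NAME.match(part.strip()) for part in name.split(".")):
        reasons.append("device-name")
    return reasons


def scan_tree(root):
    """Walk root and return sorted (path, reasons) pairs for flagged names."""
    # On Windows, pass root as an extended-length path (\\?\D:\...) so the
    # walk can descend into names that normal Win32 path handling rejects.
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reasons = classify_name(name)
            if reasons:
                findings.append((os.path.join(dirpath, name), reasons))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample names modelled on the ones described in the thread.
    for sample in [" .com1", " .com3", " ", "com1", "uploads", "readme.txt"]:
        print(repr(sample), classify_name(sample))
```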
 
If this account was created, you may not have ownership to the files. Right click where the root is and go to properties, security, advanced, ownership and replace ownership with an admin account. Then you should check if the files are being used. Right click my computer and click manage. Select shared folders then open files. If any are open, disconnect them. Also look in sessions. Look in active sessions of the ftp server and its log. Get IP addresses and trace them to an ISP and tell them. They may need exact times and dates to trace dynamic ranges of IPs.
 
If you have a windows 98 box handy, or if you can find it on the net, grab the rm command and try using it from the cmd prompt of the affected server...

I saw this happen in NT and that was the way I got rid of it...
 