Wireless Networks Thread, chinese hackers in Technical; Noticed in event logs a lot of MSFTPSVC system events with The server was unable to logon the Windows NT ...
5th January 2009, 11:57 AM #1
Noticed in event logs a lot of MSFTPSVC system events with The server was unable to logon the Windows NT account 'test' due to the following error: Logon failure: unknown user name or bad password. Also the same with user administrator.
Eventually we got a timeout message for IP address 220.127.116.11 – putting this into google comes up with CHINA RAILWAY TELECOMMUNICATIONS CENTER and warnings about hackers!
Have now disabled the ftp publishing service on this server - not sure why it was enabled anyway and warned embc internet providers about the IP address.
Posting as a warning for others if you have ftp service enabled.
5th January 2009, 05:05 PM #2
Wouldn't worry about it too much; that IP has been infected/utilised for some time; the first google result to Absolute Zero talks about it from back in October.
I suppose again looking at that link it reckons it tried to authenticate 1650 times ... why on earth had a firewall with port triggering not dealt with it by then is beyond me!
By tmcd35 in forum How do you do....it?
Last Post: 5th January 2009, 03:23 PM
By tech_guy in forum Windows
Last Post: 8th April 2008, 01:25 PM
By FN-GM in forum IT News
Last Post: 5th September 2007, 11:49 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)