Wireless Networks Thread, chinese hackers in Technical; Noticed in event logs a lot of MSFTPSVC system events with The server was unable to logon the Windows NT ...
5th January 2009, 12:57 PM #1
Noticed in event logs a lot of MSFTPSVC system events with The server was unable to logon the Windows NT account 'test' due to the following error: Logon failure: unknown user name or bad password. Also the same with user administrator.
Eventually we got a timeout message for IP address 220.127.116.11 – putting this into google comes up with CHINA RAILWAY TELECOMMUNICATIONS CENTER and warnings about hackers!
Have now disabled the ftp publishing service on this server - not sure why it was enabled anyway and warned embc internet providers about the IP address.
Posting as a warning for others if you have ftp service enabled.
5th January 2009, 06:05 PM #2
Wouldn't worry about it too much; that IP has been infected/utilised for some time; the first google result to Absolute Zero talks about it from back in October.
I suppose again looking at that link it reckons it tried to authenticate 1650 times ... why on earth had a firewall with port triggering not dealt with it by then is beyond me!
By tmcd35 in forum How do you do....it?
Last Post: 5th January 2009, 04:23 PM
By tech_guy in forum Windows
Last Post: 8th April 2008, 02:25 PM
By FN-GM in forum IT News
Last Post: 6th September 2007, 12:49 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)