Noticed in event logs a lot of MSFTPSVC system events with The server was unable to logon the Windows NT account 'test' due to the following error: Logon failure: unknown user name or bad password. Also the same with user administrator.
Eventually we got a timeout message for IP address 220.127.116.11 – putting this into google comes up with CHINA RAILWAY TELECOMMUNICATIONS CENTER and warnings about hackers!
Have now disabled the ftp publishing service on this server - not sure why it was enabled anyway and warned embc internet providers about the IP address.
Posting as a warning for others if you have ftp service enabled.
Wouldn't worry about it too much; that IP has been infected/utilised for some time; the first google result to Absolute Zero talks about it from back in October.
I suppose again looking at that link it reckons it tried to authenticate 1650 times ... why on earth had a firewall with port triggering not dealt with it by then is beyond me!
There are currently 1 users browsing this thread. (0 members and 1 guests)