[H-GEN] FTP login by wtmp?

Everist, Geoff everistg at switch.aust.com
Mon Aug 23 20:16:32 EDT 1999


[ Humbug *General* list - semi-serious discussions about Humbug and
Unix-related topics. ]

[snip]
> 
> On Mon, 23 Aug 1999, Everist, Geoff wrote:
> > "This user has had their account suspended, and I will be 
> speaking with
> > them personally."
> > 
> > Why do I feel somewhat underwhelmed?
> 
> I understand, having been hacked myself, but what would whelm you?
> 
> There is very little an ISP can do besides report this to the 
> police, the
> police can't do anything unless there is a complaint to them from the
> owner of the machine which is difficult seeing they are in NZ 
> and you are
> in Oz.
> 
> Cheers,
> 
> Raymond
[snip]

Well, here is an update:

"The user had been infected with Back Orifice. Unfortunatly they formatted
their computer after discovering they were infected, so at present we have
no logs of who it actually was."

Had this been followed up and investigated earlier, they may have been able
to track this person further (mind you, I don't know how much use the
Winblows logs would have been).

Cheers
Geoff

--
This is list (humbug) general handled by majordomo at lists.humbug.org.au .
Postings only from subscribed addresses of lists general or general-post.



More information about the General mailing list