Logs of Services

<<< USER anonymous >>> 230 Hi. No need to log in; you have already access privil <<< CWD /pub/ >>> 250 CWD command successful. <<< MKD .010712170944p >>> 550 Permission denied. <<< CWD /public/ >>> 550 No such directory. <<< CWD /pub/incoming/ >>> 550 No such directory. <<< CWD /incoming/ >>> 550 No such directory. <<< CWD /_vti_pvt/ >>> 550 No such directory. <<< CWD / >>> 250 CWD command successful. <<< MKD .010712170949p >>> 550 Permission denied. <<< CWD /upload/ >>> 550 No such directory. <<< CWD / / >>> 550 No such directory.

All services that are provided to the outside world should generate extensive logs.

In this example, our FTP server caught a session of an attacker who is interested in publicly writable directories to upload illegal stuff (warez, audio, video, or even worse things) which can be downloaded afterwards.

Many misconfigured web servers from Microsoft allow this. _vti_pvt is a directory which is used to administrate Frontpage uploads to a web server.

	All services that are provided to the outside world should generate extensive logs.
	In this example, our FTP server caught a session of an attacker who is interested in publicly writable directories to upload illegal stuff (warez, audio, video, or even worse things) which can be downloaded afterwards.
	Many misconfigured web servers from Microsoft allow this. `_vti_pvt` is a directory which is used to administrate Frontpage uploads to a web server.