loading...

re: Six Ways a Russian Hacker Attacked My Website VIEW POST

FULL DISCUSSION
 

1) the FTP might not be his. It was pretty easy and common in the past to search for anonymous writeable FTP servers, FTP servers with leaked credentials (accidentally left in source code on github or elsewhere) and to misuse them as an attack vector.

2) the w;w;w might be an attempt to call a "w" command on linux which displays list of active users. Like here:

user@host:~# w
20:19:41 up 218 days, 13:22, 1 user, load average: 0.09, 0.08, 0.02
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 111.222.333.444- 20:18 5.00s 0.04s 14.70s mosh-server new -c 256 -s -l LANG=en_US.UTF-8 -l LC_CTYPE=UTF-8 -l LC_ALL=en_US.UTF-8

code of conduct - report abuse