Rockbox General > Rockbox General Discussion
DANIEL STERNBERG OR FTP SERVER MAINTAINERS: HELP!
afruff23:
I have an FTP server set up on my PC with no password. THis server is purely for allowing me to access my files away from home. I am using Windows XP 64-bit's built in FTP server (IIS 6.0). I check the logs and I find lines like this(attached):
--- Quote ---10:08:50 my.ip.was.here [53]PASS curl_by_daniel AT haxx.se 230 0
--- End quote ---
Replace the AT with an @ sign.
Now this baffles me. This is Daniel Sternberg's e-mail address used as a password, yet it was accessed from my IP address it seems.
So can somebody explain to me what's going on by looking at this log(attached)? Does Rockbox.org log my IP or something? What about Rockbox IRC?
[attachment deleted by admin, too old]
Llorean:
Daniel Stenberg wrote the program called cURL. While I can't say for certain, I suspect that it's purely happenstance and has to do with whatever program you're using to access the FTP server. You may notice that it's also coming from 192.168.0.106 which is a local IP.
LinusN:
Someone used curl to fetch a file from your server. Anonymous FTP access normally uses the email address as password, and curl send daniel's email address as the password when doing anonymous FTP. Simple as that.
bluebrother:
--- Quote from: afruff23 on January 28, 2007, 04:05:08 AM ---I have an FTP server set up on my PC with no password. THis server is purely for allowing me to access my files away from home.
--- End quote ---
Wow. Do you really consider using ftp for accessing your files over the internet (and from your writing I assume it's your *personal* files, nothing that's ok for the world to see) a good idea? I'd really suggest using something better, like sftp with password. The log you attached doesn't look like everyone should be able accessing the files. And script kiddies are all around on the internet ...
Also, screaming a subject won't help, and, if you suspect this has something to do with daniel, why don't you mail him directly? At least the logs have his mail address ... (and remember, for anonymous ftp you can send any string you like as password -- an attacker could even send your mail address if he knows it).
bk:
Yes, there is absolutely no reason to use ftp for this purpose. Read up on SSH.
Navigation
[0] Message Index
[#] Next page
Go to full version