RE: Who/What is sft@loader.com in our IIS Logs? MSFTPSVC Event 10

microsoft.public.windows.server.security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

Subject	Author	Date
RE: Who/What is sft@loader.com in our IIS Logs? MSFTPSVC Event 10	Ben	02-21-2008

Posted by Ben on February 21, 2008, 4:20 pm

Please log in for more thread options

This appears to be an automated process used to store (presumably) pirated
software, media, etc. on unsecured FTP servers. The "sft-loader" M.O. seems
to be: log in as an anonymous user, test for write access, stash file(s) in
subdirectories.

Administrators, at the very least please disable your anonymous FTP account!

Similar Threads	Posted
RE: Who/What is sft@loader.com in our IIS Logs? MSFTPSVC Event 10	November 19, 2007, 7:38 am
Security Event Logs	June 10, 2005, 8:36 am
Rights to event logs	June 15, 2005, 2:03 pm
security event logs in DC as well ? SOS	May 3, 2006, 6:06 pm
Re: Access Deined event logs	October 26, 2005, 9:12 pm
Access Deined event logs	October 25, 2005, 8:51 am
Event ID 577 Filing Security Logs	July 19, 2006, 10:45 am
Windows Server 2003 event logs	May 2, 2006, 3:29 pm
Reading Security Event Logs with Service Account	November 15, 2007, 7:36 pm
Event ID 2003 Unable to open the performance logs and alerts confi	May 30, 2006, 6:28 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML Sitemap

XML Sitemap