Jenny_gw — Wed, 25 May 2005 17:44:15 +0000

Not sure if it's worth trying, but why not move your ftp away from port 21 as this is one hackers aim at. If you are the only one using the ftp it's workable.

CptAwesome — Fri, 06 May 2005 18:16:35 +0000

The only other thing that comes to mind (Though this is long past the point) is Frontpage HTTP uploads.

t3roar — Thu, 05 May 2005 19:43:27 +0000

Hey dude, hard luck, did any of your files get deleted? First thing that came to my mind was what Mairving said, he must have weasled out the info you want to see but forgot to delete that one line...

Another way to upload stuff (he still could have used ssh so contact your host for the unmoddable logs) is if he has your cpanel pass then he can use that file manager...all i can think of at the mo...good luck dude

eBlush_Hector — Sat, 12 Mar 2005 18:04:49 +0000

Also, just because you couldn't break in using telnet (assuming you are running the service) doesn't mean it's secure.
IOW, ftp may or may not be the point of entry. It may be a completely different service, and one that may not even have been designed to upload files.

Check ALL the other possible logs you have around the time of the break in. You might get lucky and find a few clues.

mairving — Fri, 11 Feb 2005 13:33:26 +0000

Hard to tell with that little information. One of the first thing a cracker does is try to cover his tracks by editing or deleting logfiles.