Aug 8th, 2011, 04:08 PM
I dont know much about security when it comes to ftp sites, or anything beyond a user account on a personal computer. Anyways, I have had this a few times where someone uploads image files to our work ftp site. They are like generic wallpaper images. They send no email with what its regarding, and just seems strange. This happened this morning at 4:19 am. These same files were uploaded a few months ago, and a few months beyond that. Not sure what anyone would gain from uploading images, or what it could do, but it has left me scratching my head. Our system works like this, on our webpage, there is an option to upload a file so we can quote on it, were a printing company. What people are supposed to do is fill out the online quote request form, then upload the file. You can just upload the file though without filling out the form, so no idea who it comes from.
Aug 8th, 2011, 07:37 PM
Someone perhaps probing for vulnerabilities etc. You -do- have the file types locked down?
Aug 9th, 2011, 12:52 AM
You may want to integrate some form validation to your quote request forms (no email, no upload) something like that may help a little. You can also have a look at the time stamp on the upload and cross reference that with your apache logs to find the ip address of the uploader.
Aug 9th, 2011, 08:33 AM
Those are all default wallpapers from Windows XP.
You may want to put a reCAPTCHA on that form.
Seems like a bot, could be a user, testing open uploads.
Aug 12th, 2011, 04:04 PM
Someone just trolling for some free (to use) ftp space no doubt, probably just a scripted attack in fact. They will try to upload simple images and if it works and they can get at them they would come back and try and uploading botnet scripts and the like so they can take over your server and use it for spam or other nefarious purposes.