vcant Posted September 8, 2003 Share Posted September 8, 2003 one of the servers i work with (not mine luckely) got hacked recently. Well actually not really hacked, because the ownew 'wisely' opened anonimouse FTP access to it(acting on a tip from the hosting company support ).anywho, of course someone got in, created lots and lots of folders, and uploaded DVD movies (28 Gigs of them ).while the guy is sorting the issue out with the hosting provider, he asked me to delete the folders, but for some reason i cannot, the folders have illegal name, and windows cannot read them. any ideas how to delete these folders? Link to comment Share on other sites More sharing options...
Robertson Posted September 9, 2003 Share Posted September 9, 2003 I had similar problem once. Set your ftp client to show hidden files and then delete the hidden files. As theres some .htaccess and a few others that have to be removed inidividually Link to comment Share on other sites More sharing options...
XPerties Posted September 9, 2003 Share Posted September 9, 2003 Set your ftp client to show hidden files and chmod the permissions to 777. If that doesn't work tell the root owner to do it. That is his job. Link to comment Share on other sites More sharing options...
vcant Posted September 9, 2003 Author Share Posted September 9, 2003 the problem is different,first of all its windows so no .htaccess there.the fiolders are not hidden, but have illegal windows name, so windows does not read them.(if i click properties on one of them, it shows no name, and no size, and if i click delete, it says that windows cannot read specified file)example: the folder in windows explorer looks has the name ' blahblah ' (with some spaces before and after the name), but when i checked the FTP log, they were created as '++++blahblah+++' and for some reason windows doesnt recognize them.i will attach some screenshots.editi cannot attach screenshots, because computer has been taken offline. edithere is the part of the FTP log file, when the directories were created:08:47:22 ip address[40]MKD /+/++++++aux+%20%d+0++++++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++./+ 25708:47:23 ip address[40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++prn+%20%d+0+++++++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++prn+%20%d+0+++++++/++RandoMaze+4,1233403578366E+36++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++com+%20%d+1++++++++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++com+%20%d+1++++++++/++RandoMaze+2,82743338823081E+36++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++nul+%20%d+2++++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++nul+%20%d+2++++/++RandoMaze+6,28318530717959E+35++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++con+%20%d+3++++++++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++con+%20%d+3++++++++/++RandoMaze+4,24115008234622E+36++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++com+%20%d+4+++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++com+%20%d+4+++/++RandoMaze+7,85398163397448E+35++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++++++aux+%20%d+5++++++++./+ 25708:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++++++aux+%20%d+5++++++++/++RandoMaze+7,06858347057704E+36++./+ 25708:47:24 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++lpt+%20%d+6+++++./+ 25708:47:24 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++lpt+%20%d+6+++++/++RandoMaze+3,53429173528852E+36++./+ 25708:47:24 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++++++aux+%20%d+7+++++./+ 25708:47:24 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++++++aux+%20%d+7+++++/++RandoMaze+3,53429173528852E+36++./+ 25708:47:24 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++lpt+%20%d+8+++++++./+ 25708:47:24 ip address [40]MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++lpt+%20%d+8+++++++/++RandoMaze+5,89048622548086E+36++./+ 25708:47:24 ip address [40]MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+1+++./+ 257 Link to comment Share on other sites More sharing options...
dvprao Posted October 9, 2003 Share Posted October 9, 2003 I also have a similar issue.I deleted all the cd image files but there are some empty folders which i can not seem to delete. I can see a zip file but can not access it. The filw shows as though it has a size etc.Any hint on how to sort this out will be of great help.Thanks in advance to any one who responds. Link to comment Share on other sites More sharing options...
Thanatos Posted October 27, 2003 Share Posted October 27, 2003 They include AUX, its one of windows' 'reserved words', like CON, PRN etc. You can't create folders with those names under windows. The only thing I can think of is to try to delete them under linux Link to comment Share on other sites More sharing options...
possumus Posted November 6, 2003 Share Posted November 6, 2003 Hello to everybody. I'm from Argentina and I have a very bad english. Sorry for that.The folders created at the moment of hacking can be deleted with Norton Commander. You can do this locally or in a terminal server session, or mapping a network unit (the unit that contain the folders) and running the norton commander.I have been hacked two times, and I quit the anonimous access for ftp. I hope that will stop them. Link to comment Share on other sites More sharing options...
ChrisG631 Posted November 20, 2003 Share Posted November 20, 2003 u can delete the dir's in dos..just use:rmdir /s "path" Link to comment Share on other sites More sharing options...
XPerties Posted November 20, 2003 Share Posted November 20, 2003 and I quit the anonimous access for ftp.Bad. I don't allow it on my servers and never will. Your asking for trouble. Link to comment Share on other sites More sharing options...
jlw747 Posted December 16, 2003 Share Posted December 16, 2003 I have the same problem as 'vcant'. It is a Windows XP machine and the folder is on a RAID drive. I have tried all the 'safe mode' 'command prompt' etc, tried the rmdir /s but none of it works.I would really appreciate any help!! Link to comment Share on other sites More sharing options...
jlw747 Posted December 16, 2003 Share Posted December 16, 2003 I have just received an e-mail which has fixed this problem use dir /X to get the 8.3 folder namethen RD /S and path\8.3 foldernameIt would not work over a network 'mapped drive', I got 'access denied'.Tried it on the machine with the problem folder and it worked like a charm.Thanks to sarthed. Link to comment Share on other sites More sharing options...
ayehia Posted December 18, 2003 Share Posted December 18, 2003 You must be logged on locally to the Windows-based computer to delete these files. If the file was created on a file allocation table (FAT) partition, you may be able to delete the file under MS-DOS by using standard command line utilities (such as DEL) with wildcard (*) characters, for example: DEL PR?.*-or- DEL LPT?.*These commands do not work on an NTFS file system partition. For this case another option would be to use a syntax that bypasses the normal reserved-word checks altogether. You may be able to delete any file by using a command like this: DEL \\.\drive letter:\path\file nameFor example: DEL \\.\c:\somedir\auxIf the name in the file system appears as a directory, you may be able to delete any directory by using a command like this: RD \\.\drive letter:\path\directory nameFor example: RD \\.\c:\somedir\aux Link to comment Share on other sites More sharing options...
FthrJACK Posted December 18, 2003 Share Posted December 18, 2003 The folders will be full of warez.as you know the paths for them, connect to the FTP using a client and put the path in the browser bar and see whats inside the folders.people scan ip ranges and then create these folders to fill with warez as you probably know. But i think you can delete them under DOS.Also, maybe turning windows file protection off will help? ive never had to do this so im going on a limb here. Link to comment Share on other sites More sharing options...
jchapz29 Posted March 3, 2004 Share Posted March 3, 2004 You have to figure out the generated short names, then use rmdir /s to remove the directories by these short names. To find out what the short names are, use dir /x from a command prompt. You cannot delete these types of folders from the top level. You have to cd (change dir) to them, all the way to the bottom of the structure, and work your way up. Link to comment Share on other sites More sharing options...
Famer Posted March 3, 2004 Share Posted March 3, 2004 Hard format is what i hear coming next if he cant wipe the folders offf the system Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now