If you ever wonder how clever it was of me to make an FTP tool that used the default anonymous password “curl_by_daniel@…” once upon a time and you want to know why I changed that toÂ email@example.com instead? Here’s a golden snippet to just absorb and enjoy:
Date: Thu, 23 Dec 2010 22:56:00 From: iHack3r <hidden> To: info@[my company] Subject: Hacking me To the idiot named Daniel, Please stop brute force attacking my FTP client. I do not appreciate it, i have an anonymous account set up for the general public to access my files that i want them to access, QUIT trying to hack the admin because 1. DISABLED unless i am leaving to go somewhere without my computer 2: THE PASSWORD is random letters and numbers. -iHack3r
The password was changed at Feb 13 2007 in the curl version 7.16.2, but there are a surprisingly large amount of older curls still around out there…
Update: as the person responded again after having read this blog post and still didn’t get it, I felt the urge to speak up in even more clear terms:
I didn’t have anything to do with any “hacker attack” on any site. Not yours, and not anyone else’s. The fact that almost-my-email address appeared in your logs is because I wrote the FTP client. It is a general FTP client that is being used by a very very large amount of people all over the world. If I ever would attack a site, why on earth would I send along my real name or email address?