Recent logs revealed scans for the username ‘FTP_3cx,’ which appears unusual given the context of 3CX software, known for business phone systems. Initial thoughts suggested this might be a default user, but further investigation found no documentation supporting that assumption. The 3CX system does not run an FTP server as a standard feature.
Instead, the documentation indicates configuration backups can be made to an FTP server, but it uses ‘3cxftpuser’ as the example user, raising questions about the legitimacy of the observed scans. Notably, the documentation stresses that the FTP server’s functionalities can operate on a separate system from the 3CX software. The use of a non-standard username might indicate a probing attempt and should be monitored closely to ensure system security.
👉 Pročitaj original: SANS Internet Storm Center
