Re: ftpd loop hole ?

From: Alexander Leidinger (Alexander_at_Leidinger.net)
Date: 02/25/04

    Date: Wed, 25 Feb 2004 12:14:38 +0100
    To: "Julian Stacey" <jhs@berklix.org>
    
    

    On Wed, 25 Feb 2004 04:58:35 +0100 (CET)
    "Julian Stacey" <jhs@berklix.org> wrote:

    > Hi freebsd-isp@ people, CC np@bsn.com, ewinter@ewinter.org
    >
    > Has anyone else seen an exploit of standard ftpd on 4.9-RELEASE ?

    I haven't, but this doesn't mean there can't be one lurking around.

    > Some bandwidth thief uploaded videos to my ~ftp/ for bootleggers to download.
    >
    > How to stop a repeat occurrence ? There's very few people have
    > logins on this machine, & I trust the people, & most of them aren't even
    > competent to achieve an intrusion. It was probably not an inside job.

    [config]

    It depends on the configuration. You had a ftp user and the ftpd wasn't
    configured to disallow anonymous logins.

    If the server depends upon the use of anonymous logins, and those guests
    have to be allowed to upload data and download the same data, there's
    nothing you can do about it.

    If you don't need anonymous
     - access, remove the ftp user
     - read access, use the -O option
     - write access, use an appropriate chmod command

    Bye,
    Alexander.

    -- 
               I will be available to get hired in April 2004.
    http://www.Leidinger.net                       Alexander @ Leidinger.net
      GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7
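
The three checks named in the reply above (the ftp account, the -O option, directory permissions) as an audit script. This is an added example, not part of the original message: the function names are hypothetical, the passwd, inetd.conf and directory contents are a constructed fixture, and it assumes ftpd is started from inetd.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are arguments so the checks can run
# against copies of the real files or against the constructed fixture below.

# Anonymous access: per the reply, anonymous logins need an "ftp" account.
has_ftp_user() {                      # $1 = passwd-format file
    awk -F: '$1 == "ftp" { f = 1 } END { exit !f }' "$1"
}

# Anonymous read access: print active inetd ftp entries whose ftpd argument
# list lacks -O (alone or in a cluster such as -lO). Field 7 is argv[0].
ftpd_lines_without_O() {              # $1 = inetd.conf-format file
    awk '$1 == "ftp" { ok = 0
             for (i = 8; i <= NF; i++) if ($i ~ /^-[A-Za-z]*O/) ok = 1
             if (!ok) print }' "$1"
}

# Anonymous write access: list world-writable directories under the ftp root.
# Directories owned by the ftp account itself need the same review.
world_writable_dirs() {               # $1 = ftp root
    find "$1" -type d -perm -0002 -print
}

audit() {                             # $1 passwd, $2 inetd.conf, $3 ftp root
    has_ftp_user "$1" || { echo "OK: no ftp account, anonymous login is off"; return 0; }
    echo "FINDING: ftp account present, anonymous login possible"
    ftpd_lines_without_O "$2" | sed 's/^/FINDING: anonymous download allowed: /'
    world_writable_dirs "$3" | sed 's/^/FINDING: anonymous upload possible: /'
}

# Constructed fixture: an upload directory that anonymous users can both write
# to and read from, the combination described in the original question.
make_fixture() {                      # $1 = empty scratch directory
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' \
        "ftp:*:14:5:Anonymous FTP:$1/ftp:/usr/sbin/nologin" > "$1/passwd"
    printf '%s\n' '#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l -O' \
        'ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l' > "$1/inetd.conf"
    mkdir -p "$1/ftp/pub" "$1/ftp/incoming"
    chmod 755 "$1/ftp" "$1/ftp/pub"; chmod 1777 "$1/ftp/incoming"
}

demo() {
    d=$(mktemp -d) && make_fixture "$d" && audit "$d/passwd" "$d/inetd.conf" "$d/ftp"
    rm -rf "$d"
}
demo
```

On a real host the arguments would be /etc/passwd, /etc/inetd.conf and the ftp account's home directory.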
