From owner-freebsd-questions Mon Jan 6 6:31:46 2003
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <58009.10.10.10.7.1041863489.squirrel@webmail.linuxpowered.net>
Date: Mon, 6 Jan 2003 06:31:29 -0800 (PST)
Subject: Re: FTP incoming directory. Damned Hooligans.
From: "nate"
In-Reply-To: <00a701c2b543$dc5ffe30$7419cdcd@ticking>
References: <00a701c2b543$dc5ffe30$7419cdcd@ticking>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk

Adam Maas said:
> Anonymous FTP right?
>
> The more sophisticated warez kiddies have taken to scanning networks for
> anonymous ftp servers, and then loading them up with their warez/pr0n and
> giving out the IP. Had it happen to a few customers (I work Tech Support
> for Major Evil Backbone Provider).
>
> Next time give them logins to the box and always disable anonymous FTP.

For my previous company I set up an anonymous ftp server. It was pretty
locked down, it worked very well though. I used proftpd, since it had ACLs
which overrode filesystem permissions.

The anonymous user had 2 directories, which were invisible unless you knew
the name (not hard to guess but still):

incoming - anyone can upload, nobody can list files, nobody can download files
outgoing - anyone can download, nobody can list files, nobody can upload files

There was a special account that the staff used to manage the files on the
system. This made it easy for them to upload a file to outgoing with this
account and email the url ftp://some.ftp.server/outgoing/filename.zip or
whatever, and it would download, but unless you knew the filename you
couldn't get anything.

This worked out better than providing accounts for each customer. The
company had such a system in place earlier and it was a total mess.

Provided the employee made a sufficiently obscure filename (anything but
filename.zip!), it was enough to prevent unauthorized downloads of files.
And when trying to list files, the server wouldn't return an error like
permission denied, it would just show nothing.

Never had a problem with them warez kids using it :) (that is, they never
could ..)

In case you're interested in trying such a configuration, this is what I used:

DisplayLogin welcome.msg
User ftp
Group ftp
UserAlias anonymous ftp
MaxClients 10
DisplayLogin welcome.msg
DisplayFirstChdir .message
DenyAll
DenyAll
AllowAll
DenyAll
AllowAll

nate
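
The section tags of the configuration quoted in the message did not survive in this archive copy, so the following is an added sketch of a ProFTPD anonymous section that implements the incoming/outgoing policy the message describes. It is not nate's configuration. The anonymous root ~ftp and the exact command lists in each Limit are assumptions, and the reply a client gets for a denied listing may differ from the empty listing he describes.

```apache
# Added example, not the configuration from the original message.
# Assumption: the anonymous tree is the home directory of user "ftp".
<Anonymous ~ftp>
  User ftp
  Group ftp
  UserAlias anonymous ftp
  MaxClients 10

  # Baseline for the whole anonymous tree: no listings, no modification.
  <Limit LIST NLST MLSD STAT WRITE>
    DenyAll
  </Limit>

  # incoming: write-only drop box. Uploads are accepted, but nothing in it
  # can be listed or fetched back, so it is useless as a distribution point.
  <Directory incoming>
    <Limit READ LIST NLST MLSD STAT WRITE>
      DenyAll
    </Limit>
    # A limit on a single command takes precedence over the WRITE group above.
    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>

  # outgoing: download by exact name only. No listing and no uploads.
  <Directory outgoing>
    <Limit LIST NLST MLSD STAT WRITE>
      DenyAll
    </Limit>
    <Limit RETR>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>
```

Run proftpd -t to syntax-check the file before reloading, then confirm from an anonymous session that a file stored in incoming cannot be retrieved or listed. The staff account that places files in outgoing is a normal authenticated login outside this section and is not shown.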