Date: Tue, 16 Oct 2001 12:54:34 -0700 (PDT) From: Tim Erlin <tperlin@yahoo.com> To: scott@gerhardt-it.com, freebsd-questions@FreeBSD.ORG Subject: Re: ftp security Message-ID: <20011016195434.58399.qmail@web11705.mail.yahoo.com> In-Reply-To: <3BCC919F.B32824A9@gerhardt-it.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You'll see on this list numerous times the caveat(or something similar): "Once a box has been compromised, there is no way other than a complete re-install to be sure that you have fixed/cleaned/removed the damage done." If you're paranoid, this would be such a case, I would think. --Tim --- Scott Gerhardt <scott@gerhardt-it.com> wrote: > I just set up a FreeBSD 4.4-Release box and enabled > anonymous ftp during > the install. > > Within 24 hours I noticed a "/Tagged/by/PS2H/" > directory under > /var/ftp/pub/incoming. > > I couldn't find any good documentation on this, but > came accross lots of > other "Tagged" ftp sites when doing a google search > on "ftp incoming > tagged". > > My conclusion is that this is a common thing and is > only slightly > malicous to the extent of ftp uploads consuming disk > space. I would > guess it is just script kiddies trying to find a > place to store porn. Am > I correct? > > Since I don't need anonymous uploads enabled, I did > the following: > 1.) Deleted everything under /var/ftp/pub including > /incoming > 2.) Turned on ftpd logging verbose '-l -l' > > > With logging on I noticed that there are still > anonymous requests to > create "@@Tagged@@_" directories. > > > Is there anything else I should know? > > > - Paranoid > > > -- > ------------------------------------ > Scott Gerhardt, P.Geo. > Gerhardt Information Technologies > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of > the message __________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011016195434.58399.qmail>