Dan: That may be...but the fact of the matter remains that I personally had put ServU on my machine, and shortly thereafter was hacked. Found a ridiculous amount of porn (really really bad porn...the worst porn I ever spent 20 straight hours watching) on my machine (along with the aforementioned accounts created with god-like permissions on drives A-Z).
Now, I'll be the first to admit that I'm not a network guy/system administrator. Could I have set it up in an insecure manner? Sure. It's possible. But I've also used BulletProof, IIS's FTP (bleh), and FileZilla...all with no issues (that I'm aware of, at least) :) So in my mind, regardless of what I've read...the problem was Serv-U. However, this was roughly 4 years ago. If new versions are more secure, that's fair enough and a perfectly valid answer. But that's the answer I would expect instead of being presented with the question of "how is using an application that's popular among the hacker crowd negative?".

On 10/10/05, Dan G. Switzer, II <[EMAIL PROTECTED]> wrote:
> Charlie,
>
> >If I have the choice of 'product A' or 'product B', and product A is
> >documented as being overwhelmingly targeted by hackers, I think that
> >should be a factor in my decision. But hey, to each their own and
> >all.
>
> I think you may be misreading some of the Serv-U quotes. It's not "targeted"
> by hackers, but hackers commonly use builds of Serv-U v2 once they have
> compromised a server so they can FTP in to the server. It's not that they
> compromise Serv-U (although there have been security holes found in some
> older versions,) it's that they would install a copy of Serv-U to use as a
> way to access the server.
>
> There's a difference between hackers using an application and exploiting the
> application. The reason Serv-U became so popular to use as a "backdoor" was
> because early versions of Serv-U only needed an INI file (no installation,)
> it left a very small memory footprint and was pretty easy to hide a process.
> Not to mention, it was such a popular FTP server that it might often go
> overlooked if found, because admins are used to seeing it installed on their
> servers.
>
> In my experience, I've found Serv-U to be really secure in the past.
> Granted, as the program has grown, so has the potential for security holes,
> but Rob's always been good about patching problems quickly.
>
> -Dan

