Misunderstanding. I use sftp because ftp is unsafe and to be able to use sftp you have to enable shell-accounts for every virtual site. Problem on my Raq is that any site administrator now has shell access on admin level. I don't grant it, it's somehow configured that way. So, something needs to be changed, don't know what yet. Using FTP with user admin is not a wise thing to do. I'm not taking any changes on getting a bill for 1400 GB of traffic that will cost me 42.000 euro's! I even disabled ftp for the moment. Take care, Peter
-----Oorspronkelijk bericht----- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Namens J�rg Jan M�nter Verzonden: donderdag 23 januari 2003 15:07 Aan: [EMAIL PROTECTED] Onderwerp: Re: [cobalt-developers] Fixing the nasty RaQ Hack... Am Donnerstag, 23. Januar 2003 13:46 schrieben Sie: > I know and don't/do. About two weeks ago an incident occured on a Cobalt > and a cracker generated about 1400 Gb of traffic in less then 3 hours. > Sniffing the ftp-account and getting root-access was the cause. > By the way: any site-administrator gets shell-access (admin) when using > sftp, that is to say, on my Raq4. > Peter > Hi out there, why do you grant shell acces to any user? I wouln't grant anything but FTP access. And as someone already said i would access the RaQ by FTP with admin user. None of our customers needs shell access. If anything has to be installed it firstly gets checked by us. Yours Jan* -- --------------------- Ingenieurb�ro M�nter J�rg Jan M�nter Leipziger Stra�e 16 38165 Wendhausen [EMAIL PROTECTED] Tel: 05309 - 8052 Fax: 05309 - 8053 --------------------- _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
