Yo,
Yes you should not allow anonymous, and especially anonymous upload if you don't
really need this feature. Having such a software as mature as wu-ftpd is
good but we can all do better than that ..
Speaking of wu-ftpd, I wonder why some people said beforehand you need
to define the anonymous dir to /var/ftp. People should check /etc/passwd
to see whether the FTP user homedir is defined to /var/ftp. If it is you should
not experience any problems, well at least not for me ..
> - turn off anonymous FTP. You don't need, don't want it, and are setting
> yourself up for attack
> - read the Guest HOWTO.
> - ALL users should be guest users - no real users at all. This limits their
> view of the file system
>
> If you can, set up your network filters to only allow ftp connections from
> specific network segments.
>
> If you've only got a few users, consider using sftp or scp instead of ftp and
> then turn your ftp service off.
>
> There's always been the VERY good Linux Administrator's Security Guide. Read
> it, follow it, and sleep soundly at night.
>
> --
> Ed Wilts, Mounds View, MN, USA
> mailto:[EMAIL PROTECTED]
--
Geoffrey Lee <[EMAIL PROTECTED]>
§õªø·
Resignation from Wah Yan College, Hong Kong:
http://devel.mandrakesoft.com/~snailtalk/resignation.html
http://devel.mandrakesoft.com/~snailtalk
ftp://devel.mandrakesoft.com/pub/people/snailtalk
$/usr/games/fortune
Anything that can go wrong will go
Segmentation fault (core dumped)
$
