From: P. U. (Uli) Kruppa <[EMAIL PROTECTED]>
Subject: anonymous-ftp cracked
Date: Wed, Sep 12, 2001 at 05:52:23PM +0200
> I am running -CURRENT (ok - though I do not know anything
> about computers)
Why are you running -CURRENT? Users that are running -CURRENT are expected to
be able to track relatively simple problems like this one, without asking tons
of questions. And this is not a problem of -CURRENT but of ftpd setup :-/
> and just found about about 624 MB trash in
> my /var/ftp - this is my anonymous-ftp -directory.
> It was disposed in a sub-directory
> ../incoming/tagged/byDj-krok .
You have not been cracked. Somebody just uses your writable /incoming
directory to store their data. Since they *do* have write access in there,
this is a legitimate use of your FTP server.
> What can I do (besides deleting this stuff)?
Do not allow write access in /var/ftp/incoming ?
Another common thing done in writable incoming/ directories is to create a
file of fixed size, say 100 Mb, and use vnconfig to mount this file as the
incoming/ directory of an FTP server. Then there's only about 100 Mb of
space available in your incoming/ and nobody can store tons of data in there,
wasting your disk space until disks are full.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message