From: P. U. (Uli) Kruppa <[EMAIL PROTECTED]>
Subject: anonymous-ftp cracked
Date: Wed, Sep 12, 2001 at 05:52:23PM +0200

> I am running -CURRENT (ok - though I do not know anything
> about computers)

Why are you running -CURRENT?  Users that are running -CURRENT are expected to
be able to track relatively simple problems like this one, without asking tons
of questions.  And this is not a problem of -CURRENT but of ftpd setup :-/

> and just found about 624 MB trash in
> my /var/ftp -  this is my anonymous-ftp -directory.
> It was disposed in a sub-directory
> ../incoming/tagged/byDj-krok .

You have not been cracked.  Somebody just uses your writable /incoming
directory to store their data.  Since they *do* have write access in there,
this is a legitimate use of your FTP server.

> What can I do (besides deleting this stuff)?

Do not allow write access in /var/ftp/incoming ?

Another common thing done in writable incoming/ directories is to create a
file of fixed size, say 100 Mb, and use vnconfig to mount this file as the
incoming/ directory of an FTP server.  Then there's only about 100 Mb of
space available in your incoming/ and nobody can store tons of data in there,
wasting your disk space until disks are full.
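
Added example, not part of the original message: a small sh audit for the situation discussed above, listing directories under the FTP root that anyone can write to and flagging those whose usage exceeds a cap. The function names, the /var/ftp default and the 102400 KB (100 MB) default cap are assumptions chosen to match the thread.

```shell
#!/bin/sh
# Audit an anonymous-FTP tree for world-writable directories and their size.
# Assumptions (not from the original mail): function names, default root
# /var/ftp, default cap 102400 KB.

# Print every directory under $1 that has the "other" write bit set.
list_world_writable() {
    find "$1" -type d -perm -0002 -print 2>/dev/null
}

# Print the disk usage of directory $1 in kilobytes.
dir_usage_kb() {
    du -sk "$1" 2>/dev/null | awk '{print $1}'
}

# audit_ftp_root ROOT CAP_KB
# Prints STATUS<TAB>KB<TAB>PATH for each world-writable directory.
# Returns 0 if none exceeds CAP_KB, 1 if at least one does, 2 on bad input.
audit_ftp_root() {
    _root=$1 _cap=$2 _over=0
    [ -d "$_root" ] || { echo "not a directory: $_root" >&2; return 2; }
    case $_cap in
        ''|*[!0-9]*) echo "cap must be a whole number of KB" >&2; return 2 ;;
    esac
    _list=$(list_world_writable "$_root")
    # One path per line; names containing newlines are not handled.
    while IFS= read -r _dir; do
        [ -n "$_dir" ] || continue
        _kb=$(dir_usage_kb "$_dir")
        if [ "${_kb:-0}" -gt "$_cap" ]; then
            _status=OVER _over=1
        else
            _status=OK
        fi
        printf '%s\t%s\t%s\n' "$_status" "${_kb:-0}" "$_dir"
    done <<EOF
$_list
EOF
    return "$_over"
}

# Command-line use: audit.sh [ROOT [CAP_KB]]
if [ "$#" -gt 0 ]; then
    audit_ftp_root "$1" "${2:-102400}"
fi
```

Run from cron against the FTP root, a nonzero exit status is the signal that a writable directory has grown past the cap.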

