Adam Maas said:
> Anonymous FTP right?
>
> The more sophisticates warez kiddies have taken to scanning networks for
> anonymous ftp servers, and then loading them up with their warez/pr0n and
> giving out trhe IP. Had it happen to a few customers (I work Tech Support
> for Major Evil Backbone Provider).
>
> Next time give them logins to the box and always disable anonymous FTP.

for my previous company I setup an anonymous ftp server. It was pretty
locked down, it worked very well though. I used proftpd, since it had
acls which overrode filesystem permissions. the anonymous user had 2
directories, which were invisible unless you knew the name(not hard to
guess but still):

incoming - anyone can upload, nobody can list files, nobody can download
files

outgoing - anyone can download, nobody can list files, nobody can upload
files

there was a special account  that the staff used to manage the files on
the system. this made it easy for them to upload a file to outgoing with
this account and email the url

ftp://some.ftp.server/outgoing/filename.zip

or whatever, and it would download, but unless you knew the filename
you couldn't get anything. This worked out better then providing accounts
for each customer. The company had such a system inplace earlier and
it was a total mess. Provided the employee made a sufficiently obscure
filename(anything but filename.zip!) It was enough to prevent unauthorized
downloads of files.

and when trying to list files, the server wouldn't return an error like
permission denied it would just show nothing. Never had a problem with them
warez kids using it :) (that is, they never could ..)

Incase your interested i trying such a configuration, this is what
I used:

<Anonymous ~ftp>
  DisplayLogin                  welcome.msg
  User                          ftp
  Group                         ftp
  UserAlias                     anonymous ftp
  MaxClients                    10
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message

  <Limit WRITE>
    DenyAll
  </Limit>
<Directory incoming>
<Limit LIST NLST WRITE MKD RMD RETR RNFR RNTO DELE>
 DenyAll
</Limit>
<Limit STOR>
 AllowAll
</Limit>
</Directory>
<Directory outgoing>
<Limit LIST NLST READ MKD RMD RNFR RNTO DELE>
 DenyAll
</Limit>
<Limit RETR>
 AllowAll
</Limit>
</Directory>
</Anonymous>

nate




To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Reply via email to