Thanks all for guiding me , but as yet things have not improved. Well as for cracking vs hacking , the word was used un-intentionally, I understand that many of my posts use hack instead of crack. May be wrong habit.
My ftp server (proftpd) is perhaps the cause of the problem. Let me explain (our modus operandi) : - Suppose you have a site : www.xyz.com , we give him a shell/user account xyz , and obviously he can ftp in as : username xyz and upload files to his home directory , which will then be seen on his site (because the document root is the same as his home directory) . Let us leave aside the mail service for the time being since I firmly suspect ftp. - Now xyz tries to ftp : ftp xyz.com Connected to xyz.com Username : xyz Password : This is where proftpd troubles me : Any password will suffice ! And you can upload any file ! This makes things easy for the 'cracker'. - How would you make sure proftpd strictly follows the OS's passwords ? Details of proftpd : Runs from inetd. I shall greatly appreciate any help . Would listers mind sending me their conf file for proftpd with comments , I am desperate. Thanks in advance , and thanks to all who have offered help, Shyam Arvind wrote: > Suresh Ramasubramanian wrote: > | [EMAIL PROTECTED] (Arvind) [Thursday, September 19, 2002 > | 12:50 PM]: > | > ||| - Use /etc/hosts.deny to deny access to all remote > ||| machines > || > || anybody can post a sample hosts.deny file ? > | > | hosts.deny is deprecated. hosts.allow is the way to go ... > | > | less /etc/hosts.allow to see an example with lots of comments (on > | redhat, debian etc etc). > | > | -suresh > > its empty man, thats why i wanted someone to send a sample. > > Arvind > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > linux-india-help mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/linux-india-help ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
