>So my question to the sysadmins out there is: what's the best way to avoid
>this sort of thing, without installing a firewall and while still permitting
>ftp access?
>
>In re-reading the DEC Unix manpage for ftpd, it seems to me the weakest
>link is the guideline for the ~ftp/pub directory, which the manpage
>says to make owned by ftp and writeable by anyone. I've changed it
>to be owned by root and unwriteable except by root, but that may
>not be an option for folks who maintain public ftp archives that
>multiple users must be able to write to.

Make sure that no one logging in as anonymous can write to the ftp archive
(which it sounds like you did), and no one can log in as himself and upload
anything (which I'm not sure how to do). Allow only rsync, either with modules
or over ssh, to update the ftp space.

phma
_________________________________________________________________
Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm
Mersenne Prime FAQ      -- http://www.tasam.com/~lrwiman/FAQ-mers
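
One way to check the first condition in the reply above (nothing under the FTP root is writable by the anonymous account), as an added example that is not part of the original message. The function names and the uid/gid values 14 and 50 are assumptions for illustration; substitute the ids of the local ftp account.

```python
import os
import stat
import tempfile


def write_risk(st, ftp_uid, ftp_gid):
    """Return why the anonymous FTP account could modify this entry, or None."""
    if st.st_uid == ftp_uid:
        # An owner can always chmod write permission back on.
        return "owned by ftp account"
    if st.st_gid == ftp_gid and st.st_mode & stat.S_IWGRP:
        return "writable by ftp group"
    if st.st_mode & stat.S_IWOTH:
        return "world-writable"
    return None


def audit_ftp_tree(root, ftp_uid, ftp_gid):
    """Walk root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Check the directory itself, then the files in it; subdirectories
        # are checked when os.walk descends into them.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            reason = write_risk(st, ftp_uid, ftp_gid)
            if reason:
                findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree; uid 14 and gid 50 are placeholder values.
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        pub = os.path.join(root, "pub")
        os.mkdir(pub)
        os.chmod(pub, 0o777)  # "writeable by anyone", as in the quoted guideline
        for rel, why in audit_ftp_tree(root, 14, 50):
            print(f"{rel}: {why}")
```

An empty result means every entry is owned by another account and carries no write bit the ftp account could use.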
