[EMAIL PROTECTED] wrote:
> My ftp server has suffered its first (to my knowledge) hacker penetration.
>
First of all, I take offence at the use of the term "hacker" here. I would
havthought most people following this list are knowledgeable enough to make the
distinction - what GIMPS for example does is hacking, what the "script-kiddies"
did with Amazon etc. is best characterized as cracking. These peoplere crackers -
they go around cracking software licenses/copy protection and site security. By
definition you can never "secure" your sytem against them, since breaking into
systems is what they do. You can make it harder, or not (seemingly) wort their
trouble.
As somebody else alreaaid, though, it doesn't look like what you were dealing with
were crackers, either, or DoS attacks for that matter. You were just dealing with
somebody who thouht they had found an open server to store and share their
cracks/scripts on. Because these files are borderline-illegal, they try to sneak
them in without the systems adminstration knowing.
> So my question to the sysadmins out there is: what's the best way to avoid
> this sort of thing, without installing a firewall and while still permitting
> ftp access?
>
Permit only read access, no write access. If you need to keep write access, set up
a quota on the FTP user/daemon (Or better yet, put the FTP directory on separate
filesystem from the rest of the system) and allow writing only on /incoming, but
disable reading from that directory. This leaves possible abusers with no
incencitive to upload files.
If you need to allow write access to certain directories to certain people, set
them up with accounts with needed access to the FTP directories.
-Jukka Santala
_________________________________________________________________
Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm
Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers
