Re: FTP incoming directory. Damned Hooligans.

2003-01-06 Thread Giorgos Keramidas
On 2003-01-06 00:35, Ryan Thompson [EMAIL PROTECTED] wrote:
> Alvaro Gil wrote to [EMAIL PROTECTED]:
> > I was trying to upload some stuff on my server today and I realized
> > the /user partition was 100% full.  After investigating a bit I
> > found that the public ftp incoming directory I had set up for some
> > friends was full of directories and sub directories.
>
> If you still for some reason need to grant anonymous upload privilege
> (I can't really see why), then I'd advise looking into a more
> sophisticated FTP daemon that can implement storage quotas. (ProFTPd
> is one such application).

Alternatively, you could always limit the /incoming directory by
creating a sufficiently large file and mounting that with vnconfig.
This has the added advantage that it works regardless of the specific
ftpd program that is used :)


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message



Re: FTP incoming directory. Damned Hooligans.

2003-01-06 Thread Kirk Strauser

At 2003-01-06T05:21:16Z, Alvaro Gil [EMAIL PROTECTED] writes:

> I was trying to upload some stuff on my server today and I realized the
> /user partition was 100% full.  After investigating a bit I found that the
> public ftp incoming directory I had set up for some friends was full of
> directories and sub directories.

Personally, I can't think of a good reason to keep FTP (anonymous or
otherwise) around.  There's almost *never* a case where I want anonymous
visitors to upload to my side, and friends can use SFTP.  I'm starting to
prefer HTTP for distributing files, since you can use any sort of high-level
authentication you want and come up with per-file algorithms to determine
who can download what.
-- 
Kirk Strauser
In Googlis non est, ergo non est.




Re: FTP incoming directory. Damned Hooligans.

2003-01-06 Thread nate
Adam Maas said:
> Anonymous FTP right?
>
> The more sophisticated warez kiddies have taken to scanning networks for
> anonymous ftp servers, and then loading them up with their warez/pr0n and
> giving out the IP. Had it happen to a few customers (I work Tech Support
> for Major Evil Backbone Provider).
>
> Next time give them logins to the box and always disable anonymous FTP.

For my previous company I set up an anonymous ftp server. It was pretty
locked down, it worked very well though. I used proftpd, since it had
ACLs which overrode filesystem permissions. The anonymous user had 2
directories, which were invisible unless you knew the name (not hard to
guess but still):

incoming - anyone can upload, nobody can list files, nobody can download
files

outgoing - anyone can download, nobody can list files, nobody can upload
files

There was a special account that the staff used to manage the files on
the system. This made it easy for them to upload a file to outgoing with
this account and email the URL

ftp://some.ftp.server/outgoing/filename.zip

or whatever, and it would download, but unless you knew the filename
you couldn't get anything. This worked out better than providing accounts
for each customer. The company had such a system in place earlier and
it was a total mess. Provided the employee made a sufficiently obscure
filename (anything but filename.zip!), it was enough to prevent unauthorized
downloads of files.

And when trying to list files, the server wouldn't return an error like
"permission denied"; it would just show nothing. Never had a problem with them
warez kids using it :) (that is, they never could ..)

In case you're interested in trying such a configuration, this is what
I used:

<Anonymous ~ftp>
  DisplayLogin      welcome.msg
  User              ftp
  Group             ftp
  UserAlias         anonymous ftp
  MaxClients        10
  DisplayFirstChdir .message

  # Deny every write command by default
  <Limit WRITE>
    DenyAll
  </Limit>

  # incoming: upload only (STOR); no listing, download, mkdir, rename or delete
  <Directory incoming>
    <Limit LIST NLST WRITE MKD RMD RETR RNFR RNTO DELE>
      DenyAll
    </Limit>
    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>

  # outgoing: download only (RETR); no listing and no modification
  <Directory outgoing>
    <Limit LIST NLST READ MKD RMD RNFR RNTO DELE>
      DenyAll
    </Limit>
    <Limit RETR>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>

nate
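
An audit of the incoming policy described in the message above, as an added example that is not part of the original post or of ProFTPD: it reports which commands an anonymous client could still run in the upload directory. The function names, the reduced command-group table, the precedence model (directory scope before <Anonymous> scope, named command before group) and the WEAK variant are assumptions made for illustration.

```python
import re

GROUPS = {"READ": {"RETR", "SIZE"},  # simplified subset of ProFTPD's <Limit> groups
          "WRITE": {"APPE", "DELE", "MKD", "RMD", "RNTO", "STOR", "STOU"}}
RISKY = ["LIST", "NLST", "RETR", "MKD", "RNTO", "DELE"]  # a drop box should refuse these
LIMIT = re.compile(r"<Limit\s+([^>]+)>\s*(DenyAll|AllowAll)\s*</Limit>")
DIRECTORY = re.compile(r"<Directory\s+(\S+)>(.*?)</Directory>", re.S)

def parse(text):
    """Return {scope: [(commands, allow)]}; scope "" is the <Anonymous> level."""
    scopes = dict(DIRECTORY.findall(text))
    scopes[""] = DIRECTORY.sub("", text)
    return {scope: [(cmds.split(), verdict == "AllowAll")
                    for cmds, verdict in LIMIT.findall(body)]
            for scope, body in scopes.items()}

def allowed(rules, directory, cmd):
    """Nearest scope wins; inside a scope a named command beats a group."""
    for scope in (directory, ""):
        group_verdict = None
        for cmds, allow in rules.get(scope, []):
            if cmd in cmds:
                return allow
            if any(cmd in GROUPS.get(c, ()) for c in cmds):
                group_verdict = allow
        if group_verdict is not None:
            return group_verdict
    return True  # no <Limit> matched; only filesystem permissions remain

def audit(config, directory="incoming"):
    """List the RISKY commands an anonymous client may still run there."""
    rules = parse(config)
    return [c for c in RISKY if allowed(rules, directory, c)]

# The incoming policy from the post, with the angle brackets restored.
POSTED = """<Anonymous ~ftp>
  <Limit WRITE>
    DenyAll
  </Limit>
  <Directory incoming>
    <Limit LIST NLST WRITE MKD RMD RETR RNFR RNTO DELE>
      DenyAll
    </Limit>
    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>"""
# Constructed weak variant: only READ denied and the whole WRITE group allowed.
WEAK = POSTED.replace("LIST NLST WRITE MKD RMD RETR RNFR RNTO DELE", "READ").replace("STOR", "WRITE")
```

For the posted policy the audit returns an empty list while STOR stays allowed; for the weak variant it reports listing and MKD as open, the combination that lets an upload directory fill with nested directories.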







Re: FTP incoming directory. Damned Hooligans.

2003-01-05 Thread Adam Maas
Anonymous FTP right?

The more sophisticated warez kiddies have taken to scanning networks for
anonymous ftp servers, and then loading them up with their warez/pr0n and
giving out the IP. Had it happen to a few customers (I work Tech Support
for Major Evil Backbone Provider).

Next time give them logins to the box and always disable anonymous FTP.

--Adam

- Original Message -
From: Alvaro Gil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 06, 2003 12:21 AM
Subject: FTP incoming directory. Damned Hooligans.


> I was trying to upload some stuff on my server today and I realized
> the /user partition was 100% full.  After investigating a bit I found
> that the public ftp incoming directory I had set up for some friends
> was full of directories and sub directories.  Some said scanned by
> pitbull.  Is this some kind of worm floating around?  Unfortunately
> I had to 86 the incoming directory.  Damned Internet hooligans.
> --
>
> Alvaro Gil
> http://www.AlvaroGil.com
> '84 Volvo 242 Turbo (Silver) 15 psi
> '97 Leopard Gecko (White, Yellow, Black)




Re: FTP incoming directory. Damned Hooligans.

2003-01-05 Thread Adam Maas
And Pitbull is likely just the handle of one of those hooligans.

--Adam




Re: FTP incoming directory. Damned Hooligans.

2003-01-05 Thread Ryan Thompson
Alvaro Gil wrote to [EMAIL PROTECTED]:

> I was trying to upload some stuff on my server today and I realized
> the /user partition was 100% full.  After investigating a bit I
> found that the public ftp incoming directory I had set up for some
> friends was full of directories and sub directories.

This last happened to us about 3 years ago, at which time I noted
granting any sort of upload permission to anonymous FTP was a bad
idea. At least without limits in place.

> Some said scanned by pitbull.  Is this some kind of worm floating
> around?

Not that I'm aware of. Most likely as another poster suggested.

> Unfortunately I had to 86 the incoming directory.  Damned Internet
> hooligans.

If you still for some reason need to grant anonymous upload privilege
(I can't really see why), then I'd advise looking into a more
sophisticated FTP daemon that can implement storage quotas. (ProFTPd
is one such application). That won't prevent 'attacks' like this, but
it will at least mitigate the impact on storage, other users, and
traffic charges.

- Ryan

-- 
  Ryan Thompson [EMAIL PROTECTED]

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America

