Date: Wed, 12 Sep 2001 21:16:32 +0300 From: Giorgos Keramidas <charon@labs.gr> To: "P. U. (Uli) Kruppa" <root@pukruppa.de> Cc: current@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: anonymous-ftp cracked Message-ID: <20010912211632.A65756@hades.hell.gr> In-Reply-To: <20010912174347.Q1009-100000@pukruppa.de>; from root@pukruppa.de on Wed, Sep 12, 2001 at 05:52:23PM %2B0200 References: <20010912174347.Q1009-100000@pukruppa.de>
next in thread | previous in thread | raw e-mail | index | archive | help
From: P. U. (Uli) Kruppa <root@pukruppa.de> Subject: anonymous-ftp cracked Date: Wed, Sep 12, 2001 at 05:52:23PM +0200 > I am running -CURRENT (ok - though I do not know anything > about computers) Why are you running -CURRENT? Users that are running -CURRENT are expected to be able to track relatively simple problems like this one, without asking tons of questions. And this is not a problem of -CURRENT but of ftpd setup :-/ > and just found about about 624 MB trash in > my /var/ftp - this is my anonymous-ftp -directory. > It was disposed in a sub-directory > ../incoming/tagged/byDj-krok . You have not been cracked. Somebody just uses your writable /incoming directory to store their data. Since they *do* have write access in there, this is a legitimate use of your FTP server. > What can I do (besides deleting this stuff)? Do not allow write access in /var/ftp/incoming ? Another common thing done in writable incoming/ directories is to create a file of fixed size, say 100 Mb, and use vnconfig to mount this file as the incoming/ directory of an FTP server. Then there's only about 100 Mb of space available in your incoming/ and nobody can store tons of data in there, wasting your disk space until disks are full. -giorgos To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010912211632.A65756>