From owner-freebsd-questions Tue Oct 16 20:45: 2 2001 Delivered-To: freebsd-questions@freebsd.org Received: from moutvdom01.kundenserver.de (moutvdom01.kundenserver.de [195.20.224.200]) by hub.freebsd.org (Postfix) with ESMTP id A0D8F37B407 for ; Tue, 16 Oct 2001 20:44:57 -0700 (PDT) Received: from [195.20.224.208] (helo=mrvdom01.schlund.de) by moutvdom01.kundenserver.de with esmtp (Exim 2.12 #2) id 15thYy-0007pD-00; Wed, 17 Oct 2001 05:40:12 +0200 Received: from pd901724b.dip.t-dialin.net ([217.1.114.75]) by mrvdom01.schlund.de with esmtp (Exim 2.12 #2) id 15thYx-0001k5-00; Wed, 17 Oct 2001 05:40:12 +0200 Date: Wed, 17 Oct 2001 03:39:22 +0000 (GMT) From: "P. U. (Uli) Kruppa" X-X-Sender: To: Scott Gerhardt Cc: Sol , Subject: Re: ftp security In-Reply-To: <3BCCA414.477CCC8A@gerhardt-it.com> Message-ID: <20011017032837.L58889-100000@big> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I had exactly the same thing happening to me. I simply deleted the 625 MB (!) trash and was never 'tagged' again. You have to decide if you need a world-writable incoming file or not. If not, set it to read-only and that was it. If yes, have a look at incoming every now and then, which is what it is there for, anyway. Uli. On Tue, 16 Oct 2001, Scott Gerhardt wrote: > There was an /incoming/Taggeg/by/PS2H/ directory with nothing in it > > > Sol wrote: > > > > Hi, > > > > I've had this sort of thing happen myself. Both times it turned out to be pirates that basically "wardial" looking for anonymous ftp sites with decent badwidth to host their "warez". They'll use it until you discover them stealing the bandwidth and then move on. Whether or not you want to reinstall is determined by your paranoia and/or security policies. Did you discover what the files were? > > > > -- > > Sol > > > > Somewhere around Tue, Oct 16, 2001 at 02:57:33PM -0600, Scott Gerhardt wrote: > > > Thanks Tim, > > > > > > Wouldn't a complete reinstall be overkill when it only "appears" that > > > someone put some mysterious files in an anonymous ftp incoming > > > directory? > > > > > > It's not like someone cracked into the system, putting files in > > > /var/ftp/pub/incoming is normal. Unless, the ftpd that comes with > > > FreeBSD 4.4-Release has a gaping security hole I don't know about. > > > > > > The default ftpd that comes with FreeBSD chroot's anonymous users and > > > has builtin commands so it should be quite secure, right? > > > > > > > > > - Scott > > > > > -- > ------------------------------------ > Scott Gerhardt, P.Geo. > Gerhardt Information Technologies > 306.227.5290 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > ************************************ * P. U. Kruppa - Wuppertal * * Germany * * www.pukruppa.de www.2000d.de * ************************************ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message