From: jacks@sage-american.com
To: "P. U. (Uli) Kruppa", Scott Gerhardt
Cc: Sol
Subject: Re: ftp security
Date: Wed, 17 Oct 2001 09:40:52 -0500

...or if uploads are to be allowed, set up a cron job to scan the directory
and email you at regular intervals.... that way, stuff won't be there
undiscovered very long...

At 03:39 AM 10.17.2001 +0000, P. U. (Uli) Kruppa wrote:
>
>I had exactly the same thing happening to me.
>I simply deleted the 625 MB (!) trash and was never 'tagged'
>again.
>You have to decide if you need a world-writable incoming
>file or not.
>If not, set it to read-only and that was it.
>If yes, have a look at incoming every now and then, which is
>what it is there for, anyway.
>
>Uli.
>
>
>On Tue, 16 Oct 2001, Scott Gerhardt wrote:
>
>> There was an /incoming/Taggeg/by/PS2H/ directory with nothing in it
>>
>>
>> Sol wrote:
>> >
>> > Hi,
>> >
>> > I've had this sort of thing happen myself. Both times it turned out
>> > to be pirates that basically "wardial" looking for anonymous ftp
>> > sites with decent bandwidth to host their "warez". They'll use it
>> > until you discover them stealing the bandwidth and then move on.
>> > Whether or not you want to reinstall is determined by your paranoia
>> > and/or security policies. Did you discover what the files were?
>> >
>> > --
>> > Sol
>> >
>> > Somewhere around Tue, Oct 16, 2001 at 02:57:33PM -0600, Scott Gerhardt wrote:
>> > > Thanks Tim,
>> > >
>> > > Wouldn't a complete reinstall be overkill when it only "appears" that
>> > > someone put some mysterious files in an anonymous ftp incoming
>> > > directory?
>> > >
>> > > It's not like someone cracked into the system, putting files in
>> > > /var/ftp/pub/incoming is normal. Unless, the ftpd that comes with
>> > > FreeBSD 4.4-Release has a gaping security hole I don't know about.
>> > >
>> > > The default ftpd that comes with FreeBSD chroot's anonymous users and
>> > > has builtin commands so it should be quite secure, right?
>> > >
>> > >
>> > > - Scott
>> > >
>>
>> --
>> ------------------------------------
>> Scott Gerhardt, P.Geo.
>> Gerhardt Information Technologies
>> 306.227.5290
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-questions" in the body of the message
>>
>
>************************************
>* P. U. Kruppa - Wuppertal         *
>* Germany                          *
>* www.pukruppa.de www.2000d.de     *
>************************************
>

Best regards,
Jack L. Stone,
Server Admin

Sage-American
http://www.sage-american.com
jacks@sage-american.com
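
The cron job suggested in the reply above, sketched as an added example that is not part of the original thread. The script name, the stamp-file location, the 30-minute interval, the recipient and the availability of mail(1) are assumptions; /var/ftp/pub/incoming is the directory named in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): report what appeared in an
# anonymous-FTP incoming directory since the previous run.
# The state-file location, script name and recipient are assumptions.

# new_entries DIR STAMP
# Print every file or directory below DIR modified after STAMP, one per
# line. With no STAMP yet (first run) everything below DIR is listed.
# Non-printable bytes in names are shown as '?' so the mail stays readable.
new_entries() {
    if [ -e "$2" ]; then
        find "$1" -mindepth 1 -newer "$2" -print
    else
        find "$1" -mindepth 1 -print
    fi | LC_ALL=C tr -c '[:print:]\n' '?' | sort
}

# scan_incoming DIR STAMP
# Print a report if anything is new, otherwise print nothing. The next
# stamp is taken before scanning, so an upload that lands mid-scan is
# reported by the following run rather than missed.
scan_incoming() {
    dir=$1
    stamp=$2
    touch "$stamp.next" || return 1
    found=$(new_entries "$dir" "$stamp")
    mv "$stamp.next" "$stamp" || return 1
    [ -n "$found" ] || return 0
    echo "New entries under $dir:"
    echo "$found"
    echo "Total size of $dir in KB:"
    du -sk "$dir" | cut -f1
}

# Cron entry (every 30 minutes), keeping the stamp outside the scanned tree:
# */30 * * * * /usr/local/sbin/scan-incoming.sh /var/ftp/pub/incoming /var/db/ftp-incoming.stamp root
if [ "$#" -eq 3 ]; then
    report=$(scan_incoming "$1" "$2") || exit 1
    if [ -n "$report" ]; then
        echo "$report" | mail -s "ftp incoming: new uploads" "$3"
    fi
fi
```

Nothing is mailed when the directory is unchanged, so a message from this job always means something new was uploaded.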