From owner-freebsd-questions Thu Oct 18 12:32:14 2001 Delivered-To: freebsd-questions@freebsd.org Received: from happy.cow.org (happy.cow.org [198.88.20.7]) by hub.freebsd.org (Postfix) with ESMTP id B849837B40A for ; Thu, 18 Oct 2001 12:32:04 -0700 (PDT) Received: (from ravi@localhost) by happy.cow.org (8.11.4/8.11.3) id f9IJTFY48766; Thu, 18 Oct 2001 15:29:15 -0400 (EDT) Date: Thu, 18 Oct 2001 15:29:15 -0400 From: ravi pina To: Georgi Tyuliev Cc: questions@FreeBSD.ORG Subject: Re: 77M ./var/ftp/incoming/ com2/tagged 4 Lhotse by Xplosivo/filled by okunawa/tc2 Message-ID: <20011018152915.Q3456@happy.cow.org> Reply-To: ravi@cow.org References: <3BCF2AB3.CB8F4D56@e20.physik.tu-muenchen.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3BCF2AB3.CB8F4D56@e20.physik.tu-muenchen.de>; from tyuliev@e20.physik.tu-muenchen.de on Thu, Oct 18, 2001 at 09:17:07PM +0200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG one of the drawbacks to allowing anyone to upload anonymously to the system is that anyone can upload anonymously to your system. :) the best way to handle it is to establish a quota for the ftp user, or even better, have it on its own file system that won't bother any others. the difficulty with removing the files and dirs is that they are named with control characters and such that you may not be able to see. the quickest way to get rid of the files is to run a shell with file-name completion as root. my shell of choice is tcsh. since it looks like there are only spaces prepending, just do: rm -r /var/ftp/incoming/\ * if you had icky control charaters there, you could hit tab after the space which would expand out. also don't forget to look for (dot) files... do a ls -la to see everything hope this helps. -r On Thu, Oct 18, 2001 at 09:17:07PM +0200, Georgi Tyuliev said at one point in time: > I am using FreeBSD-4.3 release and when I tried to make a telnet > I got a message telling that the filesystem is full. It appears that > /var/ftp/incoming > directory is filled maliciously by some attacker. Unfortunately I can > not > remove these files/directories, their behavior is strange. > How one should proceed in such cases, > Best regards, > Dr. Georgi Tyuliev > > Below is a part of the output from the commands: > "du -h" > > 497K ./var/ftp/bin > 4.0K ./var/ftp/etc > 1.0K ./var/ftp/pub > 1.0K ./var/ftp/incoming/ > 1.0K ./var/ftp/incoming/ com1 > 77M ./var/ftp/incoming/ com2/tagged 4 Lhotse by > Xplosivo/filled by okunawa/tc2 > 77M ./var/ftp/incoming/ com2/tagged 4 Lhotse by > Xplosivo/filled by okunawa > 77M ./var/ftp/incoming/ com2/tagged 4 Lhotse by > Xplosivo > 77M ./var/ftp/incoming/ com2 > 77M ./var/ftp/incoming > 78M ./var/ftp > 84M ./var > and > "ls -l" > > drwxr-xr-x 2 ftp operator 512 Oct 14 03:39 > drwxr-xr-x 3 ftp operator 512 Oct 14 13:37 com2 > drwxr-xr-x 2 ftp operator 512 Oct 14 13:33 com1 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- echo "send pgp key" | mail ravi@cow.org "God did not create the world in seven days; he screwed around for six days and then pulled an all-nighter." -- Unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message