From owner-freebsd-questions  Sun Jan  5 22:35:47 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 43B2137B401
	for <questions@FreeBSD.ORG>; Sun,  5 Jan 2003 22:35:46 -0800 (PST)
Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 75AD243EC2
	for <questions@FreeBSD.ORG>; Sun,  5 Jan 2003 22:35:45 -0800 (PST)
	(envelope-from ryan@sasknow.com)
Received: from earl.sasknow.net (earl.sasknow.net [207.195.92.130])
	by ren.sasknow.com (8.11.6/8.11.6) with ESMTP id h066Zd001380;
	Mon, 6 Jan 2003 00:35:39 -0600 (CST)
	(envelope-from ryan@sasknow.com)
Received: from ren (ren.sasknow.com [207.195.92.131])
	by earl.sasknow.net (8.12.6/8.12.6) with ESMTP id h066ZdCL065993;
	Mon, 6 Jan 2003 00:35:39 -0600 (CST)
	(envelope-from ryan@sasknow.com)
Date: Mon, 6 Jan 2003 00:35:39 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: Alvaro Gil <alvaro@vrx.net>
Cc: questions@FreeBSD.ORG
Subject: Re: FTP incoming directory.  Damned Hooligans.
In-Reply-To: <p05111702ba3ec12b0d4a@[192.168.1.100]>
Message-ID: <20030106002857.P74359-100000@ren.sasknow.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Audit: Email processed by earl.sasknow.com filter
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Alvaro Gil wrote to questions@FreeBSD.ORG:

> I was trying to upload some stuff on my server today and I realized
> the /user partition was 100% full.  After investigating a bit I
> found that the public ftp incoming directory I had set up for some
> friends as full of directories and sub directories.

This last happened to us about 3 years ago, at which time I noted
granting any sort of upload permission to anonymous FTP was a bad
idea. At least without limits in place.

> Some said "scanned by pitbull".  Is this some kind of worm floating
> around.

Not that I'm aware of. Most likely as another poster suggested.

> Unfortunately I had to 86 the incoming directory.  Damned Internet
> hooligans.

If you still for some reason need to grant anonymous upload privilege
(I can't really see why), then I'd advise looking into a more
sophisticated FTP daemon that can implement storage quotas. (ProFTPd
is one such application). That won't prevent 'attacks' like this, but
it will at least mitigate the impact on storage, other users, and
traffic charges.

- Ryan

-- 
  Ryan Thompson <ryan@sasknow.com>

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

        Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message