From owner-freebsd-current  Thu Sep 13  1:47:53 2001
Delivered-To: freebsd-current@freebsd.org
Received: from lurza.secnetix.de (lurza.secnetix.de [212.66.1.130])
	by hub.freebsd.org (Postfix) with ESMTP id C05E337B401
	for <freebsd-current@FreeBSD.ORG>; Thu, 13 Sep 2001 01:47:50 -0700 (PDT)
Received: (from olli@localhost)
	by lurza.secnetix.de (8.9.3/8.9.3) id KAA43442;
	Thu, 13 Sep 2001 10:47:49 +0200 (CEST)
	(envelope-from oliver.fromme@secnetix.de)
Date: Thu, 13 Sep 2001 10:47:49 +0200 (CEST)
Message-Id: <200109130847.KAA43442@lurza.secnetix.de>
From: Oliver Fromme <olli@secnetix.de>
To: freebsd-current@FreeBSD.ORG
Reply-To: freebsd-current@FreeBSD.ORG
Subject: Re: anonymous-ftp cracked
In-Reply-To: <000801c13c0d$4969dac0$14ce21c7@avatar.com>
X-Newsgroups: list.freebsd-current
User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.1-RELEASE (i386))
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

[broken quoting fixed]

Kory Hamzeh <kory@avatar.com> wrote:
 > Ted Mittelstaedt wrote:
 > >   I've had a bit of experience with this sort of thing and I have
 > > to say that
 > > nobody should be running an open FTP server that allows uploading
 > > to anyone
 > > unless they are willing to take the time to monitor it - and I mean every
 > > day, preferably several times a day.
 > > [...]
 > 
 > Yup, I had some jerk constantly fill up the filesystem of the ftp directory
 > until I finally disabled all uploads. The ethics of some people just amazes
 > me.

If you absolutely need to have an anonymous upload directory,
it is probably a good idea to disable ls and read-permission
in that directory.  That way people can upload things, but
they can neither list nor download them without prior operator
intervention.

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"All that we see or seem is just a dream within a dream" (E. A. Poe)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message