Date: Mon, 30 Apr 2001 10:58:36 -0700 (PDT)
From: Linh Pham <lplist@closedsrc.org>
To: Zhihui Zhang <zzhang@cs.binghamton.edu>
Cc: <freebsd-questions@freebsd.org>
Subject: Re: incoming FTP troubles
Message-ID: <Pine.BSF.4.33.0104301055080.79508-100000@q.closedsrc.org>
In-Reply-To: <Pine.SOL.4.21.0104301323090.1316-100000@onyx>

On 2001-04-30, Zhihui Zhang scribbled:

# I created an anonymous FTP account but forgot to delete it during the
# weekend. Today I find the / is full and I check the files under /var/ftp:
#
# total 3
# drwxrwxrwt 3 root operator 512 Apr 30 13:35 .
# drwxr-xr-x 7 14 operator 512 Apr 28 14:24 . TAGGED BY RROKDOKA
# dr-xr-xr-x 6 root operator 512 Apr 24 13:40 ..
# -rw-r--r-- 1 root operator 0 Apr 30 13:35 abc
#
# mercury# pwd; du
# /var/ftp
# 489 ./bin
# 4 ./etc
# 161 ./pub
# 1 ./incoming/. TAGGED BY RROKDOKA/1
[snip]
# 16893 .
#
# What is exactly happening? How to get rid of this in the future?

This means that hackers/crackers are exploiting the default anonymous FTP
permissions :)

Since the incoming/ directory (in your case) was left as read/write to the
world... that's bad and shouldn't be allowed anyways :)

What I would do is blow away the incoming/ directory and make sure that only
root/operator should have read/write access where everyone else has
read-only access.

--
Linh Pham [lplist@closedsrc.org]
// 404b - Brain not found

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
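Added example, not part of the original message: a shell audit for the two symptoms in this thread, a world-writable directory under the anonymous FTP root and a hidden, space-named directory planted inside it. The function names, the constructed sample tree and the 755 mode used when recreating incoming/ are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP root for the two symptoms in this thread.
# Function names and the sample tree are hypothetical, constructed for illustration.

# Directories any local or FTP user can write to (o+w), like "drwxrwxrwt incoming".
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Directories whose names start with a dot or contain a space, the pattern of
# the ". TAGGED BY ..." directory in the listing (easy to miss in a plain ls).
suspicious_dirs() {
    find "$1" -mindepth 1 -type d \( -name '.*' -o -name '* *' \) -print
}

# Print findings; return 0 when the tree is clean, 1 otherwise.
audit_ftp_tree() {
    ww=$(world_writable_dirs "$1")
    odd=$(suspicious_dirs "$1")
    [ -n "$ww" ] && printf 'world-writable directories:\n%s\n' "$ww"
    [ -n "$odd" ] && printf 'hidden or space-named directories:\n%s\n' "$odd"
    [ -z "$ww" ] && [ -z "$odd" ]
}

# Remove incoming/ with everything in it and recreate it without world write
# (mode 755 is an assumption; ownership by root/operator is left to the admin).
reset_incoming() {
    rm -rf -- "$1/incoming" && mkdir "$1/incoming" && chmod 755 "$1/incoming"
}

# Constructed sample tree standing in for /var/ftp; prints its path.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/etc" "$t/pub" "$t/incoming/. TAGGED BY EXAMPLE/1"
    chmod -R 755 "$t"
    chmod 1777 "$t/incoming"
    printf '%s\n' "$t"
}

# Demo: audit the sample, reset incoming/, audit again, clean up.
demo=$(build_sample_tree)
audit_ftp_tree "$demo" || echo "=> findings above; resetting incoming/"
reset_incoming "$demo"
audit_ftp_tree "$demo" && echo "=> clean after reset"
rm -rf -- "$demo"
```

On a real server, run `audit_ftp_tree /var/ftp` as root so that directories unreadable to ordinary users are still traversed.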