From owner-freebsd-questions Mon Apr 30 11: 5:36 2001 Delivered-To: freebsd-questions@freebsd.org Received: from q.closedsrc.org (ip233.gte15.rb1.bel.nwlink.com [209.20.244.233]) by hub.freebsd.org (Postfix) with ESMTP id 44DD337B422 for ; Mon, 30 Apr 2001 11:05:33 -0700 (PDT) (envelope-from lplist@closedsrc.org) Received: by q.closedsrc.org (Postfix, from userid 1003) id 9F1B955407; Mon, 30 Apr 2001 10:58:36 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by q.closedsrc.org (Postfix) with ESMTP id 914F551610; Mon, 30 Apr 2001 10:58:36 -0700 (PDT) Date: Mon, 30 Apr 2001 10:58:36 -0700 (PDT) From: Linh Pham To: Zhihui Zhang Cc: Subject: Re: incoming FTP troubles In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 2001-04-30, Zhihui Zhang scribbled: # I created a anonymous FTP account but forgot to delete it during the # weekend. Today I find the / is full and I check the files under /var/ftp: # # total 3 # drwxrwxrwt 3 root operator 512 Apr 30 13:35 . # drwxr-xr-x 7 14 operator 512 Apr 28 14:24 . TAGGED BY RROKDOKA # dr-xr-xr-x 6 root operator 512 Apr 24 13:40 .. # -rw-r--r-- 1 root operator 0 Apr 30 13:35 abc # # mercury# pwd; du # /var/ftp # 489 ./bin # 4 ./etc # 161 ./pub # 1 ./incoming/. TAGGED BY RROKDOKA/1 [snip] # 16893 . # # What is exactly happening? How to get rid of this in the future? This means that hackers/crackers are exploiting the default anonymous FTP permissions :) Since the incoming/ directory (in your case) was left as read/write to the world... that's bad and shouldn't be allowed anyways :) What I would do is blow away the incoming/ directory and make sure that only root/operator should have read/write access where everyone else has read-only access. -- Linh Pham [lplist@closedsrc.org] // 404b - Brain not found To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message