From owner-freebsd-current  Thu Sep 13 16:50:34 2001
Delivered-To: freebsd-current@freebsd.org
Received: from aurora.sol.net (aurora.sol.net [206.55.65.76])
	by hub.freebsd.org (Postfix) with ESMTP
	id A6AD337B410; Thu, 13 Sep 2001 16:50:28 -0700 (PDT)
Received: (from jgreco@localhost)
	by aurora.sol.net (8.9.3/8.9.2/SNNS-1.02) id SAA51099;
	Thu, 13 Sep 2001 18:50:27 -0500 (CDT)
From: Joe Greco <jgreco@ns.sol.net>
Message-Id: <200109132350.SAA51099@aurora.sol.net>
Subject: Re: anonymous-ftp cracked
To: freebsd-questions@FreeBSD.ORG, current@FreeBSD.ORG,
	jacks@sage-american.com
Date: Thu, 13 Sep 2001 18:50:27 -0500 (CDT)
X-Mailer: ELM [version 2.5 PL3]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

> Ted: I've been watching this one because I've HAD to allow uploads to
> incoming because of a need for such a place article submissions from our
> Tech mag website from 175+ countries.
> 
> Your tips for monitoring (like the script for a daily listing of the
> directory) are so simple and obvious it put a smile on my face. Thanks! LUV
> this list!

Assuming you're using wuftpd:

You may have to allow incoming, but perhaps you don't have to allow
downloads of /incoming.  Think about it.  :-)

Alternatively, wuftpd has a very nice notification feature that will mail
you when something is submitted.  Some of us do have good reasons for
allowing both-way incoming access.  Make sure your /incoming directory is
unreadable in any case...

> From ftp@snarchive.sol.net  Thu Sep 13 18:42:44 2001
> Return-Path: <ftp@snarchive.sol.net>
> Date: Thu, 13 Sep 2001 18:42:41 -0500 (CDT)
> From: wu-ftpd <ftp@snarchive.sol.net>
> Subject: New file uploaded: file.tmp
> To: undisclosed-recipients:;
> 
> jgreco@ uploaded /incoming/file.tmp from 206.55.xxx.xxx.
> File size is 504586240.
> Please move the file where it belongs.

This has the advantage of being almost instantaneous.

After an @Home wanker decided to fill a few gigabytes on snarchive,
creating a denial-of-service to the legitimate users, I turned this
on.  Now when somebody tries to use me for their warez, I accidentally
corrupt a bunch of bytes in their files.

So far, they seem to have gotten the message, because I've only seen
one unauthorized file attempted upload this week.  >:->
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message