From owner-freebsd-isp@FreeBSD.ORG Wed Feb 25 03:15:12 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF77816A4CF for ; Wed, 25 Feb 2004 03:15:12 -0800 (PST) Received: from mailout01.sul.t-online.com (mailout01.sul.t-online.com [194.25.134.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id 38F3743D1D for ; Wed, 25 Feb 2004 03:15:12 -0800 (PST) (envelope-from Alexander@Leidinger.net) Received: from fwd11.aul.t-online.de by mailout01.sul.t-online.com with smtp id 1Avx0B-0003bm-04; Wed, 25 Feb 2004 12:14:55 +0100 Received: from Andro-Beta.Leidinger.net (rAlAC-ZBoeYK54YqLMcG08h3pxZn0udW0-8vDnnhZsBAz2IRL3gkww@[80.131.119.223]) by fmrl11.sul.t-online.com with esmtp id 1Avwzw-0NXseG0; Wed, 25 Feb 2004 12:14:40 +0100 Received: from Magellan.Leidinger.net (Magellan.Leidinger.net [192.168.1.1]) i1PBEdOU024820; Wed, 25 Feb 2004 12:14:39 +0100 (CET) (envelope-from Alexander@Leidinger.net) Received: from Magellan.Leidinger.net (netchild@localhost [127.0.0.1]) i1PBEcHp011728; Wed, 25 Feb 2004 12:14:38 +0100 (CET) (envelope-from Alexander@Leidinger.net) Date: Wed, 25 Feb 2004 12:14:38 +0100 From: Alexander Leidinger To: "Julian Stacey" Message-Id: <20040225121438.45571550@Magellan.Leidinger.net> In-Reply-To: <200402250358.i1P3wZeC004091@fire.jhs.private> References: <200402250358.i1P3wZeC004091@fire.jhs.private> X-Mailer: Sylpheed version 0.9.9claws (GTK+ 1.2.10; i386-portbld-freebsd5.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Seen: false X-ID: rAlAC-ZBoeYK54YqLMcG08h3pxZn0udW0-8vDnnhZsBAz2IRL3gkww@t-dialin.net cc: freebsd-isp@freebsd.org cc: ewinter@ewinter.org cc: np@bsn.com Subject: Re: ftpd loop hole ? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 11:15:13 -0000 On Wed, 25 Feb 2004 04:58:35 +0100 (CET) "Julian Stacey" wrote: > Hi freebsd-isp@ people, CC np@bsn.com, ewinter@ewinter.org > > Has anyone else seen an exploit of standard ftpd on 4.9-RELEASE ? I haven't, but this doesn't mean there can't be one lurking around. > Some bandwidth thief uploaded videos to my ~ftp/ for bootleggers to download. > > How to stop a repeat occurence ? There's very few people have > logins on this machine, & I trust the people, & most of them aren't even > competent to achieve an intrusion. It was probably not an inside job. [config] It depends on the configuration. You had a ftp user and the ftpd wasn't configured to disallow anonymous logins. If the server depends upon the use of anonymous logins, and those guests have to be allowed to upload data and download the same data, there's nothing you can do about it. If you don't need anonymous - access, remove the ftp user - read access, use the -O option - write access, use an appropriate chmod command Bye, Alexander. -- I will be available to get hired in April 2004. http://www.Leidinger.net Alexander @ Leidinger.net GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7