Date: Tue, 16 Oct 2001 14:57:33 -0600 From: Scott Gerhardt <scott@gerhardt-it.com> To: Tim Erlin <tperlin@yahoo.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ftp security Message-ID: <3BCC9F3D.B91ADBB3@gerhardt-it.com> References: <20011016195434.58399.qmail@web11705.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks Tim, Wouldn't a complete reinstall be overkill when it only "appears" that someone put some mysterious files in an anonymous ftp incoming directory? It's not like someone cracked into the system, putting files in /var/ftp/pub/incoming is normal. Unless, the ftpd that comes with FreeBSD 4.4-Release has a gaping security hole I don't know about. The default ftpd that comes with FreeBSD chroot's anonymous users and has builtin commands so it should be quite secure, right? - Scott Tim Erlin wrote: > > You'll see on this list numerous times the caveat(or > something similar): "Once a box has been compromised, > there is no way other than a complete re-install to be > sure that you have fixed/cleaned/removed the damage > done." > > If you're paranoid, this would be such a case, I would > think. > > --Tim > > --- Scott Gerhardt <scott@gerhardt-it.com> wrote: > > I just set up a FreeBSD 4.4-Release box and enabled > > anonymous ftp during > > the install. > > > > Within 24 hours I noticed a "/Tagged/by/PS2H/" > > directory under > > /var/ftp/pub/incoming. > > > > I couldn't find any good documentation on this, but > > came accross lots of > > other "Tagged" ftp sites when doing a google search > > on "ftp incoming > > tagged". > > > > My conclusion is that this is a common thing and is > > only slightly > > malicous to the extent of ftp uploads consuming disk > > space. I would > > guess it is just script kiddies trying to find a > > place to store porn. Am > > I correct? > > > > Since I don't need anonymous uploads enabled, I did > > the following: > > 1.) Deleted everything under /var/ftp/pub including > > /incoming > > 2.) Turned on ftpd logging verbose '-l -l' > > > > > > With logging on I noticed that there are still > > anonymous requests to > > create "@@Tagged@@_" directories. > > > > > > Is there anything else I should know? > > > > > > - Paranoid > > > > > > -- > > ------------------------------------ > > Scott Gerhardt, P.Geo. > > Gerhardt Information Technologies > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of > > the message > > __________________________________________________ > Do You Yahoo!? > Make a great connection at Yahoo! Personals. > http://personals.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- ------------------------------------ Scott Gerhardt, P.Geo. Gerhardt Information Technologies 306.227.5290 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3BCC9F3D.B91ADBB3>