[thelist] Article: Recovering from Anonymous FTP Abuse

Scott Dexter sgd at ti3.com
Wed Jan 30 15:34:02 CST 2002


The problem with this set up is that users can still CD to the root
directory, and while they can't see the other users' contents, they can
still see the other usernames, which you might find sensitive (we do)

Install a different ftp server, like FTP-ServU or warftpd; IIS doesn't
really do home directories well....

sgd
--
work: http://ti3.com/
non: http://thinksafely.org/

> >
> > I'd like each user to have a unique username and password and home
> > directory when they log in to the server. I've tried
>
> Here's what my experience has found (on IIS4):
> * For each user, create a Windows NT account with a username
> and password.
> You'll have to pay close attention to security to make sure
> these accounts
> only have access to where they're allowed.
> * Disable Anonymous Access for the FTP service.
> * Under the ftproot directory, create a directory for each
> user, with the
> folder name the same as the username. This folder will then
> automatically
> become the home directory. To the best of my (limited)



More information about the thelist mailing list