[thelist] Article: Recovering from Anonymous FTP Abuse

[Minh Lee Goon]

The article posted on the evolt website is surely informative. I
appreciate the pointers that was provided. I do have a question that
wasn't addressed in the article, though.

As an alternative to using anonymous access, how can I set up accounts
on my server to use a controlled username:password environment? I only
have one IIS book, and it recommend anonymous access because passwords
are unencrypted otherwise. The evolt article already outlined the woes
of going this way. I can't do that anyway because of the multiple users
and user directories I have.

I'd like each user to have a unique username and password and home
directory when they log in to the server. I've tried setting up local
users on the server but I don't know how to assign them a home
directory. The FTP service on IIS only allows on directory, which, I
assume, caters to anonymous logins. Any suggestions on how I can get the
results I need?

I'd appreciate any information and direction you can give me. Thanks in
advance.


Minh Lee Goon
-------------
Web Administrator
Information Technology Services
South Dakota State University
Brookings, South Dakota