Re: My FTP access is very unsecure - advice requested
From: BerkHolz, Steven (spamtrap_at_Astrumtech.com)
Date: 11/03/04
- Next message: Fernando L. Arredondo: "Re: My FTP access is very unsecure - advice requested"
- Previous message: Fernando L. Arredondo: "Re: My FTP access is very unsecure - advice requested"
- In reply to: Fernando L. Arredondo: "Re: My FTP access is very unsecure - advice requested"
- Next in thread: Fernando L. Arredondo: "Re: My FTP access is very unsecure - advice requested"
- Reply: Fernando L. Arredondo: "Re: My FTP access is very unsecure - advice requested"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 3 Nov 2004 14:13:40 -0500
Do you have security set at the folder level for each user's folder?
Windows 200 will put them into their folder, but not restrict cd .. .
If not, it is most likely a legitimate user purposely storing things in the
wrong folder.
Look at the owner of the file. Who is it?
-- Steven BerkHolz Send to Domain TESCOGroup dot com, username SB Note: you may also want to know that you should never send mail to: blacklist-my-ip@admins.ws info@dautrap.uceprotect.net listme@sorbs.net spamtrap@sandes.dk spamtrap@stop.mail-abuse.org spamtrap@frankenbiker.de spamtrap@blars.org "Fernando L. Arredondo" <FernandoLArredondo@Yahoo.com> wrote in message news:0k9id.1284$nD6.760@fe2.texas.rr.com... > > Thank you for answering my questions, I was really going mad this morning. > > > There are tools available to the miscellaneous hackers out there that will > > search random IP addresses for FTP servers that are open to abuse. They > > tend to use the "anonymous" or "ftp" account. > > When I first leased my webserver, I learned almost immediately not to allow > anonymous write access to ftp (or http for that matter). > > > Have you checked the logs to ensure that these files are being created in > > the way you think? > > I've never examined the logs but I will enable them for future reading. > > > If the account whose password you changed is IUSR_<machine-name>, note > > that changing the password has no effect on users' ability to log on, > > because that account exists to allow anonymous logons to proceed. > > I never use accounts like that other than the default for http reading. For > ftp, I create a Windows user account and grant that account ftp read/write > access. > > > There are secure FTP servers available for even less than that - I'm sure > > some of the others here can recommend their personal favourites, but it > > would be inappropriate for me to do so. > > I was thinking about checking with the dedicated server company on upgrading > to a W2003 Server since it allows IP sharing for ftp (isolation mode). Will > W2003 allow, by default, for us to secure ftp accounts even if the IP is a > shared IP used by other websites and ftp sessions or is other 3rd party > software still necessary? > > Thanks again for your assistance. > >
- Next message: Fernando L. Arredondo: "Re: My FTP access is very unsecure - advice requested"
- Previous message: Fernando L. Arredondo: "Re: My FTP access is very unsecure - advice requested"
- In reply to: Fernando L. Arredondo: "Re: My FTP access is very unsecure - advice requested"
- Next in thread: Fernando L. Arredondo: "Re: My FTP access is very unsecure - advice requested"
- Reply: Fernando L. Arredondo: "Re: My FTP access is very unsecure - advice requested"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
Loading
