Re: anonymous ftp
vida@uni-freiburg.de wrote:
> Hi,
>
> i have some questions concerning anonymous FTP
> and uninvited users
>
> I run a Debian Linux machine in my office.
> I need FTP to be able to access my data
> from different (non-Linux) machines I have to use.
> The server is setup as suggested by the manual.
>
> Lately i had a constant barrage of logins from different sites mainly from .fr.
> There were often plenty of files uploaded in a complex directory structure
> so I gradually built up a nice list in my hosts.deny file.
> However, the barrage of login attempts doe not seem to vain.
> Could someone please explain me the motivation behind these "attacks"
> What is this good for? - i don't see the point, unless:
Pirates search on the net for FTP servers with anonymous access, then upload files
to complex hierarchies attempting to difficult the owner of the machine to find
them.
Then they publish your IP on lists of WaReZ FTP sites.
A free hard disk space and connection to the net provided by user ___ .
Your blacklist (hosts.deny) will grow indefinitely (oK :-> maybe not, but too
much),
and is an inefficient way to keep intruders out.
If you don't want uninvited users put "anonymous" and "ftp" in /etc/ftpusers IIRC,
and all the remaining users on your box, you don't want to have access.
(this is for the std FTP server on slink, it may depend on the FTP daemon that you
are
currently using, but it must have options to disallow unwanted access, RTM).
And you may block the services you are offering to the net, that you don't intend
to use,
or provide to the public.
Reply to: