anonymous FTP used as a W@r3z Site
From: Greg Rollins (fdc0861@yahoo.com)
Date: 05/21/02
- Next message: Greg Rollins: "Re: allow users access to ftp"
- Previous message: Pete Reed: "User Password Created - then does not work"
- Next in thread: Paul Murray: "anonymous FTP used as a W@r3z Site"
- Reply: Paul Murray: "anonymous FTP used as a W@r3z Site"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Greg Rollins" <fdc0861@yahoo.com> Date: Tue, 21 May 2002 16:41:58 -0500
Situation:
I've been in this sysadmin job for two years. We have an anonymous ftp site
that we've place out there for our customers to send us datafeeds. We have
asked them to use anonymous access only, no usernames, no passwords because
all this stuff is sent as clear text over the internet. We've given the
anonymous users write-access to our site so that we can receive these feeds
in a timely manner. Not long ago we began having problems with our users
sending their feeds to our FTP site. When I would check the event logs
(system) I would notice that the drive for our FTP site was getting full.
When I would check the event logs I could see that someone was making
directories and uploading very large files to my FTP server. The extensions
on the files were usually .mp3, .iso, .mpeg, .mov etc... I was being used
as a Warez site against my will. Directories were being created on my FTP
drive like COM1, COM2, AUX, LPT1 ,,,,,,,;;;;;;;Tagged by;;;;;;;,,,,,,,
Those of you that have experienced this know the deal. Win2K doesn't deal
with this very well. Explorer locks up. You get file doesn't exist
messages, all sorts of fun stuff. I searched groups on the net and pieced
together how to solve my problem. I'm posting this for folks that haven't
found the answer just yet.
First Read This http://www.xs4all.nl/~liew/startdivx/endofdeleters.txt
Then Read This http://www.jestrix.net/tuts/scan.html
Remedy:
Read this knowledge base article from Microsoft
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q120716
Install the Win2K Resource Kit and the POSIX tools. You have to copy them
by hand. They don't come over with the installer.
Follow the guidance in the KB article.
Search through your FTP logfiles for entries with folks doing naughty things
like creating directories, dumping files on you. Record their IP addresses.
Block access to those little nuisances using directory security in IIS
Manager.
I have customers that come from specific Class B IP address blocks. I grant
access only to those folks. I deny everyone else.
Things are getting better now.
Best of Luck
- Next message: Greg Rollins: "Re: allow users access to ftp"
- Previous message: Pete Reed: "User Password Created - then does not work"
- Next in thread: Paul Murray: "anonymous FTP used as a W@r3z Site"
- Reply: Paul Murray: "anonymous FTP used as a W@r3z Site"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
