Re: Hackers Tag FTP Server; Can't Erase Folders, Files
From: Pamela Fong (fong@caltech.edu)
Date: 09/13/02
From: "Pamela Fong" <fong@caltech.edu> Date: Fri, 13 Sep 2002 09:03:43 -0700
We are in a university setting. The lab I support has
international collaborators, who don't know much about
Windows authentication. They need to transmit large
images and other documents to other lab members. It is
made difficult by flooding in Europe even to be able to
telephone them to give them any directions about
passwords, etc.
---Pam
>-----Original Message-----
>Thank you for the detailed suggestion. Another
>correspondent suggested removing the ability to create
>folders. I'll give this a shot first. If there are still
>problems, I'll go with the solution you outlined.
>
>It's great to have all you folks' advice.
>
>---Pam
>
>>-----Original Message-----
>>FYI - once you've rebuilt the server, I would suggest the
>>following:
>>
>>1. Create an NT "User" account for ftp use only.
>>2. Choose a drive that you can lock down (at the drive
>>root) to maintain your ftp files - . Ensure Admins and
>>Domain Admins (if you're on a network) have full access and
>>EVERYONE [full access] is changed to EVERYONE [read]
>>3. Create a directory for ftp - apply NTFS permissions
>> - admins [full access],
>> - domain admins [full access],
>> - the ftp user you created. Right click the folder, go
>>to the security tab, select the ftp user account, select
>>the "advanced" button. On the "permissions" tab, again
>>select the ftp user account, then select the "View/Edit"
>>button. Ensure the account only has those permissions it
>>needs (i.e. do NOT allow it to create folders, change
>>attributes, etc.).
>>4. Now - TEST, TEST, TEST. Ensure that you cannot login
>>with a different account, the "correct" account cannot
>>create folders (only files), etc.
>>5. Watch your ftp logs - any IP attempting to hack in
>>should be added to the "deny access" list in the IIS
>>Console. Caveat - you're probably better off setting up an
>>"allow access" list either through IIS or a firewall
>>(preferred) since the deny list is going to grow rapidly.
>>
>>ok - that's my free advice for the day. good luck and
>>ALWAYS review your logs each day unless you really don't
>>care if someone is trying to hack your environment....
>>
>>- shadowchimera
>>
>>btw - i don't take responsibility for any of this. it is a
>>microsoft platform after all :)
>>
>>
>>>-----Original Message-----
>>>>Our anonymous ftp dropbox running on W2K Pro keeps getting
>>>>tagged by hackers.
>>>
>>>Kinda think you'd learn after the first half-dozen times or so... :)
>>>
>>>>There is one folder, however, that I cannot seem to delete
>>>>at all with DOS or POSIX tools. When I try to delete it,
>>>>it says I don't have access. In Windows, it doesn't have
>>>>a Security tag. And I'm unable to take ownership of it
>>>>via taking ownership of the containing folder and
>>>>propagating it down to child contents.
>>>
>>>>Any suggestions how to delete this item, and how to
>>>>prevent future such difficult to delete items from being
>>>>deposited?
>>>
>>>Wipe the system and reinstall may be your only option, and it's not a
>>>bad one. Why do you allow anonymous users the right to create folders
>>>anyway? And are you sure you haven't been compromised in other ways?
>>>
>>>Jeff
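
Added example, not part of the original thread: one way to do the daily log review from step 5 of the quoted advice, flagging repeated failed logins and any directory create/remove attempts (the right that step 3 takes away from the ftp account). The log lines are constructed and the field layout is an assumption; take the real column order from the `#Fields` header of your own log.

```python
from collections import defaultdict

# Constructed sample in the W3C extended layout IIS FTP logging commonly uses
# (field list is an assumption; read the real one from the #Fields header).
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
09:01:02 192.0.2.10 [1]USER anonymous 331
09:01:03 192.0.2.10 [1]PASS lab@example.edu 230
09:01:20 192.0.2.10 [1]created scan01.tif 226
09:14:41 198.51.100.7 [2]USER administrator 331
09:14:42 198.51.100.7 [2]PASS - 530
09:14:44 198.51.100.7 [3]USER administrator 331
09:14:45 198.51.100.7 [3]PASS - 530
09:14:47 198.51.100.7 [4]USER administrator 331
09:14:48 198.51.100.7 [4]PASS - 530
10:30:05 203.0.113.99 [5]USER anonymous 331
10:30:06 203.0.113.99 [5]PASS guest@ 230
10:30:09 203.0.113.99 [5]MKD tagged 550
10:30:11 203.0.113.99 [5]RMD incoming 550
"""

DIR_COMMANDS = {"MKD", "XMKD", "RMD", "XRMD"}  # directory create/remove verbs


def review_ftp_log(text, max_failed_logins=3):
    """Return {client_ip: [reasons]} for clients worth a closer look."""
    fields, failed, findings = [], defaultdict(int), defaultdict(list)
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):          # skip rows that do not fit the header
            continue
        row = dict(zip(fields, parts))
        ip = row["c-ip"]
        command = row["cs-method"].split("]")[-1].upper()  # "[5]MKD" -> "MKD"
        status = row["sc-status"]
        if command == "PASS" and status == "530":          # 530 = not logged in
            failed[ip] += 1
        elif command in DIR_COMMANDS:
            outcome = "refused" if status.startswith("5") else "ALLOWED"
            findings[ip].append(f"{command} {row['cs-uri-stem']} {outcome}")
    for ip, count in failed.items():
        if count >= max_failed_logins:
            findings[ip].append(f"{count} failed logins")
    return dict(findings)
```

An `ALLOWED` entry means a directory command succeeded, so the NTFS restriction tested in step 4 is not in effect for that account.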