Anonymous FTP Read and Write Enabled - Directories & Files added!

From: Toby Jones (LostIn_OC@Yahoo.com)
Date: 03/24/03

• Next message: Toby Jones: "Re: Anonymous FTP Read and Write Enabled - Directories & Files added!"
• Previous message: Greg Brown: "Re: Viewing Word Documents"
• Next in thread: Toby Jones: "Re: Anonymous FTP Read and Write Enabled - Directories & Files added!"
• Reply: Toby Jones: "Re: Anonymous FTP Read and Write Enabled - Directories & Files added!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Toby Jones" <LostIn_OC@Yahoo.com>
Date: Mon, 24 Mar 2003 01:01:46 GMT

I stupidly enabled both "Read" and "Write" access for Anonymous FTP a few
days ago on a W2k web server hosting about 12 different web sites.

Today, I noticed several "new" directories and subdirectories containing
many files. I also noticed about 60 current sessions connected to FTP.
Everyone was immediately disconnected and I disabled anonymous FTP and
corrected its security.

Fortunately, none of the folders accessible by FTP had the "Execute" ability
enabled, otherwise, I would imagine that things would have been much worse.

1. I cannot delete any of the folders and subfolders created by these
people. I am getting "cannot read from the source file or disk" errors on
some and "cannot find the specified file" on others when I attempt to
delete. I did notice that the folder accessible by FTP increased in size by
approx. 1.5 GB. What can I do?

2. Why were there different people (or IPs) connected via FTP? In other
words, what were they doing?

 and unfortunately, I cannot delete any of it.

---

• Next message: Toby Jones: "Re: Anonymous FTP Read and Write Enabled - Directories & Files added!"
• Previous message: Greg Brown: "Re: Viewing Word Documents"
• Next in thread: Toby Jones: "Re: Anonymous FTP Read and Write Enabled - Directories & Files added!"
• Reply: Toby Jones: "Re: Anonymous FTP Read and Write Enabled - Directories & Files added!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Nobody proposing new uk newsgroups - why ? ... I must confess that I've never had a text-only browser, ... >>> usage tapered off when people got their own web sites. ... And, just as FTP ... > FTP usage to actually download other people's stuff. ... (uk.net.news.config) Re: Blocking FTP by username ... It works with web sites because publishing Web Sites is based on Reverse Web ... Proxying instead of NAT and that is capable of handling the authentication. ... I don't remember if there is any kind of System Policy on the FTP Server to ... (microsoft.public.isa.publishing) Re: I need Intel iMac Info ... >> I'll need an ftp solution that will allow me to ... >> access our web sites to perform ... > OS X will directly *read* an FTP site, but can't write or modify it ... The built in command line FTP has full ... (comp.sys.mac.system) FTP and Web permission ... their web sites remotely, i.e. downloading and uploading ... I have tried using ftp to accomplish this. ... enabling a ftp account for each user, ... (microsoft.public.win2000.security) Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How ... A couple of related points about FTP vs. SFTP... ... First FTP is a clear text protocol. ... My second point regarding FTP is how it is being used by the malware ... common ways that web sites are being hacked. ... (Pen-Test)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)