Re: Hacker

---

• From: "Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx>
• Date: Fri, 12 Oct 2007 14:41:33 +0800

---

Oh Well, that's the design which relies on windows accounts. I think the
concern should be more on how to 'secure' as well as renaming + NTFS
restriction etc when implementing IIS FTP. the new IIS 7 FTP component
supports none windows user and even able to hook up to asp.net membership
provider, etc.

bottom line is not the product, but rather how you deploy and configure it.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/


"Leythos" <void@xxxxxxxxxxx> wrote in message
news:MPG.2178a5cebf72a848989ab4@xxxxxxxxxxxxxxxxxxxx

In article <O9iUnWHDIHA.3548@xxxxxxxxxxxxxxxxxxxx>,
qbernard@xxxxxxxxxxxxxxxxxxx says...

Are you using MS FTP? If so, switch to FileZilla FTP server.

I'm just curious about this... how would this helps? and MS FTP is
vulnerable ?

MS FTP, if you're not using Anonymous access, and you should not be,
uses Windows accounts for authentication - bad move on a exposed server.

If you use FileZilla Server you don't have to create ANY windows
accounts for it and can create user/group accounts, IP limits, bandwidth
limits, read/write settings, etc....

I've used FileZilla Server on every exposed MS server that offers FTP
and found that we have no problems like we use to have with MS FTP.

Oh, and we don't do Front Page or Front Page Extensions.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)

.

---

• Follow-Ups:
  • Re: Hacker
    • From: Leythos

• References:
  • Hacker
    • From: John Parker
  • Re: Hacker
    • From: Leythos
  • Re: Hacker
    • From: Bernard Cheah [MVP]
  • Re: Hacker
    • From: Leythos

• Prev by Date: Re: Hacker
• Next by Date: Domain admins
• Previous by thread: Re: Hacker
• Next by thread: Re: Hacker
• Index(es):
  • Date
  • Thread

---

Relevant Pages [NT] FileZilla Server Terminal Buffer Overflow ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... It supports FTP, SFTP, and FTPS. ... A buffer overflow vulnerability has been discovered in FileZilla server ... cause the FileZilla Server Terminal process to crash (the FileZilla Server ... (Securiteam) Re: Hacker ... you may add extra security to IIS FTP: ... English blog: http://lordoftheping.blogspot.com ... uses Windows accounts for authentication - bad move on a exposed server. ... I've used FileZilla Server on every exposed MS server that offers FTP ... (microsoft.public.windows.server.security) Re: Hacker ... MS FTP, if you're not using Anonymous access, and you should not be, ... uses Windows accounts for authentication - bad move on a exposed server. ... I've used FileZilla Server on every exposed MS server that offers FTP ... Calling an illegal alien an "undocumented worker" is like calling a ... (microsoft.public.windows.server.security) Re: Securing FTP server on win2k ... >> If you are using FileZilla server, there are a couple settings, like ... >> Adding a directory for a user, then setting permissions, then a password ... I use it on Windows 2000 and 2003 servers (since MS FTP is very ... Are you running a firewall of some type by chance? ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2007-10