This article is from the Anonymous FTP FAQ, by Christopher Klaus cklaus@iss.net with numerous contributions by others.
This section is intended for the administrator to go down a short checklist of things to make sure his server is not easily compromised.
1. Check to make sure your ftp server does not have the SITE EXEC command by telnetting to port 21 and typing SITE EXEC. If your ftp daemon has SITE EXEC, make sure it is the most current version (i.e., Wu-FTP 2.4). In older versions this allows anyone to gain a shell via port 21.
2. Check to make sure no one can log in and make files or directories in the main directory. If anyone can log in as anonymous FTP and make files such as .rhosts and .forward, instant access is granted to any intruder.
3. Check to make sure the main directory is NOT owned by ftp. If it is owned by ftp, an intruder could SITE CHMOD 777 the main directory and then plant files to give him instant access. The SITE CHMOD command should be removed because anonymous users do not need any extra privileges.
4. Check to make sure NO files or directories are owned by ftp. If they are, it is possible an intruder could replace them with his own trojan versions.
5. There were several bugs in old daemons, so it is very important to make sure you are running the most current ftp daemon.
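The ownership and permission checks in items 2, 3 and 4, written up as an added shell script that is not part of the FAQ; it assumes the root of the anonymous tree and the numeric uid of the ftp account are passed as arguments, and the function names audit_ftp_tree and check_ftp_tree are mine.

```shell
#!/bin/sh
# Audit an anonymous FTP tree for the conditions in items 2, 3 and 4.
# Hypothetical helper, not from the FAQ. Arguments: the root of the
# anonymous tree and the numeric uid of the ftp account, passed in so the
# script also runs on a host that has no "ftp" user.
audit_ftp_tree() {
    dir=$1
    ftp_uid=$2

    # Items 3 and 4: nothing in the tree, its root included, may be owned by
    # the ftp account, or the anonymous user could SITE CHMOD or replace it.
    find "$dir" -uid "$ftp_uid" -exec printf 'owned-by-ftp %s\n' {} \;

    # Item 2: no world-writable entry (symlinks excluded, since their own mode
    # bits are meaningless), or anyone can drop .rhosts or .forward files.
    find "$dir" ! -type l -perm -002 -exec printf 'world-writable %s\n' {} \;

    # Item 2 again: report any such files that are already present.
    find "$dir" \( -name .rhosts -o -name .forward \) \
        -exec printf 'suspicious-file %s\n' {} \;
}

# Print the findings and return 1 if there were any, 0 if the tree is clean.
# Example invocation: check_ftp_tree /home/ftp "$(id -u ftp)"
check_ftp_tree() {
    findings=$(audit_ftp_tree "$1" "$2")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    printf 'clean: %s\n' "$1"
    return 0
}
```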
 