Michael Lazin on 9 Jun 2011 06:16:25 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] ftp on Linode

http://www.exploit-db.com/exploits/15449/

I believe this only effects proftpd 1.3.2a

On Thu, Jun 9, 2011 at 1:17 AM, Chris Nehren <c.nehren/plug@shadowcat.co.uk> wrote:
On Jun 8, 2011, at 20:15 , Douglas Muth wrote:

> On Wed, Jun 8, 2011 at 7:05 PM, Eric at Lucii.org <eric@lucii.org> wrote:
>>
>> I /have/ to set up ftp on a linode server for a customer to transfer files.  To
>> prevent the inevitable script kiddie attacks I'd like to restrict ftp to a
>> single IP or an IP range.
>>
> [snip]
>
> People are *still* using FTP?  I'm astonished.

Better question: people are *STILL* using ProFTPD? I'm astonished.

(actually I'm not, but I digress)

Try Googling 'proftpd remote root' sometime (or any similar query) if you want to be convinced into trying something that's not equivalent to giving crackers a free shell host. Try e.g. vsftpd or pureftpd if your client insists on FTP.

--
Thanks and best regards,
Chris Nehren

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



--
Michael Lazin

to gar auto estin noein te kai ennai

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug