November 20th, 2004, 12:42 AM
Tiger..
To respond to the FTP questions:
Yes, the FTP account(s) can be defined with rights to any portion of the filesystem (mount points).
As to the level of access, there is no "admin"...
November 19th, 2004, 11:23 PM
Both of you are still missing a basic point in the security of this server..
Just by brute-forcing an FTP password does not provide 'root' equivalency. What was the transition from FTP to...
November 19th, 2004, 02:08 PM
As an InfoSec consultant, I would tend to agree that containing the incident now is probably the most prudent approach.
However, with that being said - this individual obviously could use some...
November 18th, 2004, 07:06 PM
I'm just curious how this person gained "root" level access via your FTP site. Was some form of buffer-overflow exploited in addition to the FTP account brute-forcing? Also.. I assume you HAD to have...