anonymous FTP
Results 1 to 6 of 6

Thread: anonymous FTP

  1. #1
    Senior Member
    Join Date
    Jun 2004
    Posts
    379

    anonymous FTP

    i was just wornding about anonymous FTP say i set up an FTP server and i had anonymous logins enabled how would some one login anonymously and also would i be able to control what an anonymous user has access to.

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Depending on the server and the OS there's usually an allow anonymous logon variable (either text in a config, or a checkbox in the software)... you can turn it on through there.. then it's just username anonymous... password whatever (usually it'll say use your email address.. but as far as i knwo that's more for tracking than anything else)...

    As far as controlling it.. it'll either limit the anon access to the default pub directory.. or it'll have another variable you can change..

    If you are going to run something like this and ask for advice then you definately need to know which OS you're going to use and which software you are going to run....

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    There is a configuration option somewhere to allow most ftp daemons, when forking a new incarnation of themselves, to chroot() the new process to the home directory of the user connecting to it. An anonymous user could be chrooted to /home/ftp/pub, for example. This would make /home/ftp/pub appear to be the root of the filesystem to any anonymous user connecting via FTP. I'm not sure how to do it though, and it depends on which ftp program you are using.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  4. #4
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    Thank you for your information it has helped me a lot.

  5. #5
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Anonymous logins is a feature on most, if not all, ftp daemons and is one recommended to be off, unless completely secured in a variety of ways. As already mentioned, chroot'ing all logins into their either home directory (for actual users) and into a locked directory for anonymous logins, that's the first thing to do.

    This prevents things like this:

    Copying old-style /etc/passwd files. The ones using crypt()'d passwords which is incredibly easy to break.

    Seeing data that you don't want anonymous (and therefore, unknown) users to see.

    Just to name a few.

    A good ftp daemon that I (ab)use is VSFtpd (Very Secure FTP Daemon?) and can be located here for further information and the like.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  6. #6
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    thank you i will be looking into VSftpd.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •