The Community Forums


Anonymous FTP quota woes ... security issue?

Discussion in 'Security' started by qwerty, Jul 4, 2006.

Thread Status:
Not open for further replies.
  1. qwerty

    qwerty Well-Known Member

    We have always had anon ftp enabled server wide (in WHM) and never had a problem. As far as I know, anonymous uploaded material always counted towards the main account holder's disk space quota.

    However today I noticed a user had been uploading gigs of data anonymously and it had NOT counted towards their quota as the owner:group of each file was "65535"

    This is with pure-ftpd by the way ...

    So I tried changing to proftpd and anon ftp doesn't seem to work with proftpd at all, i.e. anon logins are denied (yes, I was using the correct format, i.e. ftp@domain and anonymous@domain)

    So the only option left was to turn off anon ftp server wide otherwise anon users could fill up the disk in no time as they have no set quotas.

    Is it just my imagination or has anonymously uploaded data counted towards the main account holder's disk quota before??? I can't believe that in so many years no one has abused this unlimited quota .. so I'm pretty sure it didn't use to be like this.

    What happened ???
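
The condition described in the post above (anonymous uploads owned by a uid such as 65535 rather than by the account holder, so they are not charged to the account's quota) can be checked for directly. The following is an added example, not part of the original thread and not cPanel code; the `/home/*` layout and the `public_ftp` directory name are assumptions to adjust for the server being audited, and sizes are apparent file sizes rather than quota blocks.

```python
#!/usr/bin/env python3
"""Report bytes under each account's anonymous-FTP tree that are owned by a
uid other than the account owner, and so are not charged to the owner's quota."""
import glob
import os
import stat
import sys
from collections import defaultdict


def foreign_usage(root, owner_uid):
    """Return {uid: bytes} for regular files under root not owned by owner_uid."""
    usage = defaultdict(int)
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in filenames:
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # file vanished mid-scan (upload renamed or deleted)
            if stat.S_ISREG(st.st_mode) and st.st_uid != owner_uid:
                usage[st.st_uid] += st.st_size
    return dict(usage)


def scan_accounts(home_glob="/home/*", ftp_subdir="public_ftp"):
    """Yield (home, owner_uid, {uid: bytes}) for accounts holding foreign-owned files.
    Both defaults are assumptions about the server layout."""
    for home in sorted(glob.glob(home_glob)):
        ftp_root = os.path.join(home, ftp_subdir)
        if not os.path.isdir(ftp_root):
            continue
        owner_uid = os.stat(home).st_uid  # account owner = owner of the home dir
        usage = foreign_usage(ftp_root, owner_uid)
        if usage:
            yield home, owner_uid, usage


if __name__ == "__main__":
    # Optional arguments: home glob, then anonymous-FTP subdirectory name.
    for home, owner_uid, usage in scan_accounts(*sys.argv[1:3]):
        for uid, nbytes in sorted(usage.items()):
            print(f"{home}: {nbytes / 2**20:.1f} MiB owned by uid {uid} "
                  f"(account uid {owner_uid})")
```

Run as root from cron, any output line marks an account whose anonymous upload area holds data that the account's quota will not stop from growing.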
     
  2. celliott

    celliott Well-Known Member

    Firstly, I would suggest you switch and use PureFTPd since it offers better performance, among other things which ProFTPd doesn't have. Whether you have had rubbish uploaded or not, it's a potential security risk and you need to make your server harder work for hackers and malicious scripts to get into.
     
  3. qwerty

    qwerty Well-Known Member

    Have you even read my post ?

    1) We were always using PureFTPd. Proftpd doesn't even work with anon ftp at all. Besides the whole 'pureftpd is more secure than proftpd' BS is just a bunch of BS, but it's irrelevant now.

    2) "it's not a potential security risk" that anyone can fill the /home partition by continuously uploading shit as anon until it's full?

    3) "you need to make your server harder work for hackers and malicious scripts to get into."

    Your post is so enlightening and helpful, maybe you should copy/paste it into a few more threads that you don't read at all.
     
  4. chirpy

    chirpy Well-Known Member

    Please don't be rude on the forums - people come here in their own time to help where they can.
     