Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Disable Anon FTP BROKEN

Discussion in 'General Discussion' started by autumnwalker, Jan 12, 2005.

  1. autumnwalker

    autumnwalker Member

    Jan 5, 2005
    Likes Received:
    Trophy Points:
    In WHM i click on disable anon ftp access , it says complete. Then i click the FTP Configuration tab again and it still says enabled. I click disable again and same thing. Im using Pureftp. I noticed the button also says switch to Pureftp. Shouldn't it say switch to proftp? Help, i need to disable anon access.

    I did a vunerability scan on my box and these results came up:

    The remote FTP server is vulnerable to a SQL injection when
    it processes the USER command.

    An attacker may exploit this flaw to log into the remote host
    as any user.

    Solution : If the remote server is ProFTPd, upgrade to ProFTPD 1.2.10 when
    available, or switch the SQL backend to PostgreSQL.

    Risk Factor : High
    BUGTRAQ_ID : 7974
    NESSUS_ID : 11768
    The remote FTP server closes
    the connection when a command is too long or is given
    a too long argument.

    This probably due to a buffer overflow, which
    allows anyone to execute arbitrary code
    on the remote host.

    This problem is threatening, because
    the attackers don't need an account
    to exploit this flaw.

    Solution : Upgrade your FTP server or change it
    Risk factor : High

    I switched to purftp becuse i saw in a thread people said it was better. But i can't disable anon login and it has security problems. How do i patch it or switch back to proftp?
    #1 autumnwalker, Jan 12, 2005
    Last edited: Jan 12, 2005

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice