got cracked!
Eric Johnson
ej@netasm.com
Sun, 12 Nov 2000 19:57:28 -0700 (MST)
On Sun, 12 Nov 2000, J.L.Francois wrote:
: Don't use wu-ftpd for a while.
: Switch to ProFTPD and sleep better at night.
If someone is not going to get fixes for known security problems with
wu-ftpd, what advantage do they have with ProFTPD, which has also had
it's fair share of security problems? Neither program could even remotely
be considered "secure".
See http://www.proftpd.net/security.html for more details.
--Eric
BTW, Armin, if you want a "secure" anonymous HTTP/FTP server, you may want
to check out http://cr.yp.to/publicfile.html I don't have any direct
experience with it, but I do have direct (and lengthy) experience with
another package by the author called 'qmail', which has *no* known remote
exploits. Not one (http://cr.yp.to/qmail/guarantee.html) Anyway, enough
pimping for djb. YMMV.
: For the holes, look at the RedHat site errata and alerts pages.
:
: JLF Sends...
:
: It seems like on Sun, Nov 12, 2000 at 01:05:26AM -0700, Armin Hartinger scribbled:
: Orig Msg> drwxrwxrwx 7 110 203 4096 Nov 4 22:45 .
: Orig Msg> drwxr-xr-x 14 110 203 4096 Sep 24 12:04 ..
: Orig Msg> -rw-r--r-- 1 armin armin 2326 Sep 25 18:25 apache_pb.gif
: Orig Msg> drwxrwxr-x 2 armin armin 4096 Sep 25 18:27 deborah
: Orig Msg> drwxrwxrwx 4 armin armin 4096 Oct 10 14:45 dev
: Orig Msg> -rw-r--r-- 1 root ftp 1431 Oct 24 20:06 index.html
: Orig Msg> drwxrwxrwx 2 armin armin 4096 Nov 11 17:01 kristen
: Orig Msg> drwxrwxrwx 3 armin armin 4096 Nov 11 16:08 lauren
: Orig Msg> drwxrwxrwx 7 110 203 4096 Aug 16 1999 manual
: Orig Msg> -rw-r--r-- 1 root ftp 66 Oct 24 20:04 old.html
: Orig Msg> [armin@gateway /www]$
: Orig Msg>
: Orig Msg> Someone hacked into my little Linux gateway box. He defaced index.html and saved the old one as old.html
: Orig Msg> That he appears as root/ftp, is that an indication how he got in?
: Orig Msg>
: Orig Msg> I had anon. ftp running, using the default one RH 6.2 ships with (wu-2.6.0).
: Orig Msg>
: Orig Msg> I suppose I have to completely re-setup that box, I just would like to know what hole to close there.
: Orig Msg>
: Orig Msg> Any ideas?
: Orig Msg>
: Orig Msg> If anybody wants to see the deface before I fix by box: http://24.221.63.194/
: Orig Msg>
:
: ________________________________________________
: See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
:
: Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
:
---
Eric Johnson (ej@netasm.com) net.assembly
http://netasm.com/ 12629 North Tatum Boulevard #191
602 996-9682 Phoenix, Arizona 85032