got cracked!

Eric Johnson ej@netasm.com
Sun, 12 Nov 2000 19:57:28 -0700 (MST)


On Sun, 12 Nov 2000, J.L.Francois wrote:
: Don't use wu-ftpd for a while.
: Switch to ProFTPD and sleep better at night.

If someone is not going to get fixes for known security problems with
wu-ftpd, what advantage do they have with ProFTPD, which has also had
it's fair share of security problems? Neither program could even remotely
be considered "secure".

See http://www.proftpd.net/security.html for more details.

	--Eric

BTW, Armin, if you want a "secure" anonymous HTTP/FTP server, you may want
to check out http://cr.yp.to/publicfile.html  I don't have any direct
experience with it, but I do have direct (and lengthy) experience with
another package by the author called 'qmail', which has *no* known remote
exploits. Not one (http://cr.yp.to/qmail/guarantee.html) Anyway, enough
pimping for djb. YMMV.

: For the holes, look at the RedHat site errata and alerts pages.
: 
: JLF Sends...
: 
: It seems like on Sun, Nov 12, 2000 at 01:05:26AM -0700, Armin Hartinger scribbled:
: Orig Msg> drwxrwxrwx    7 110      203          4096 Nov  4 22:45 .
: Orig Msg> drwxr-xr-x   14 110      203          4096 Sep 24 12:04 ..
: Orig Msg> -rw-r--r--    1 armin    armin        2326 Sep 25 18:25 apache_pb.gif
: Orig Msg> drwxrwxr-x    2 armin    armin        4096 Sep 25 18:27 deborah
: Orig Msg> drwxrwxrwx    4 armin    armin        4096 Oct 10 14:45 dev
: Orig Msg> -rw-r--r--    1 root     ftp          1431 Oct 24 20:06 index.html
: Orig Msg> drwxrwxrwx    2 armin    armin        4096 Nov 11 17:01 kristen
: Orig Msg> drwxrwxrwx    3 armin    armin        4096 Nov 11 16:08 lauren
: Orig Msg> drwxrwxrwx    7 110      203          4096 Aug 16  1999 manual
: Orig Msg> -rw-r--r--    1 root     ftp            66 Oct 24 20:04 old.html
: Orig Msg> [armin@gateway /www]$                                                          
: Orig Msg> 
: Orig Msg> Someone hacked into my little Linux gateway box. He defaced index.html and saved the old one as old.html
: Orig Msg> That he appears as root/ftp, is that an indication how he got in?
: Orig Msg> 
: Orig Msg> I had anon. ftp running, using the default one RH 6.2 ships with (wu-2.6.0).
: Orig Msg> 
: Orig Msg> I suppose I have to completely re-setup that box, I just would like to know what hole to close there.
: Orig Msg> 
: Orig Msg> Any ideas?
: Orig Msg> 
: Orig Msg> If anybody wants to see the deface before I fix by box: http://24.221.63.194/
: Orig Msg> 
: 
: ________________________________________________
: See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
: 
: Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
: 

---
Eric Johnson (ej@netasm.com)                                net.assembly
http://netasm.com/                      12629 North Tatum Boulevard #191
602 996-9682                                      Phoenix, Arizona 85032