[ydl-gen] Attempted hack of FTP server

Christopher Murtagh christopher.murtagh at gmail.com
Tue Aug 29 08:26:58 MDT 2006


On 8/29/06, Eric Dunbar <eric.dunbar at gmail.com> wrote:
> In vsftpd.user_list there's a reference to another solution for
> blocking users. The file "/etc/vsftpd.ftpusers" contains a list of
> users to deny, and (as far as I can tell), it does ask for a password
> (unlike .user_list won't when it's DENYing users) so a potential
> hacker won't even be able to discover user names on the system.

vsftpd won't reveal that either. It asks you for a username and
password. If they fail, the message returned is invalid password (or
something like that) regardless of the username. If you switch to
something that only asks for the password for confirmed users, then
you're giving away information about user accounts on your system.


> Plus, it doesn't really matter if that account is compromised since
> nothing personal is available through that account (though, it could
> be used to distribute files, I guess).

Yeah, an open ftp spot will get abused pretty quickly if it is
discovered. Although, if you want to fill your drive with random porn,
warez and malware, leaving an open ftp server is a good way to do it.
:-) I had a friend who did exactly that (he was researching
virus/malware), and he would put an unpatched PC on the network, use a
firewall to prevent it from spamming and infecting others (so outbound
connections from it were blocked), and just wait. He said on average
it took a day or two for the machine to be compromised and have its
drive full. No machine lasted more than a week. So, I guess Windows is
good for something. :-)

Cheers,

Chris
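
Added example, not part of the original post or of vsftpd's own code: a small config audit showing which vsftpd user-list settings make the server reject some names before the password prompt while prompting for others, the difference in replies discussed in this thread. Option names and defaults are taken from the vsftpd.conf man page; the helper names and the sample config and user list are constructed for illustration.

```python
# Added example: audit vsftpd.conf text for deny-before-password behaviour.
# Helper names are hypothetical; sample data below is constructed.

DEFAULTS = {
    "userlist_enable": "NO",
    "userlist_deny": "YES",
    "userlist_file": "/etc/vsftpd.user_list",
}

def parse_conf(text):
    """Parse 'option=value' lines, skipping blanks and '#' comments."""
    opts = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def is_yes(value):
    # Boolean options are treated as enabled for YES, TRUE or 1.
    return value.strip().upper() in {"YES", "TRUE", "1"}

def login_response(opts, userlist, username):
    """Reply class a client sees after sending USER <username>."""
    if not is_yes(opts["userlist_enable"]):
        return "password-prompt"
    listed = username in userlist
    deny_mode = is_yes(opts["userlist_deny"])
    # Deny mode rejects listed names; allow mode rejects unlisted names.
    # Either way the rejection comes before any password is requested.
    if listed == deny_mode:
        return "denied-before-password"
    return "password-prompt"

def audit(conf_text, userlist, probe_names):
    """Report per-name reply class and whether all replies look the same."""
    opts = parse_conf(conf_text)
    replies = {n: login_response(opts, userlist, n) for n in probe_names}
    return {"replies": replies, "uniform": len(set(replies.values())) <= 1}

# Constructed sample input.
SAMPLE_CONF = "# sample\nlisten=YES\nuserlist_enable=YES\nuserlist_deny=YES\n"
SAMPLE_LIST = {"root", "bin"}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_LIST, ["root", "alice"]))
```

A result with `uniform` set to False means the reply to USER depends on the name supplied, so a client can tell which names are on the list without ever sending a password.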

