On Sun, 12 Nov 2000, J.L.Francois wrote:

: Don't use wu-ftpd for a while.
: Switch to ProFTPD and sleep better at night.

If someone is not going to get fixes for known security problems with
wu-ftpd, what advantage do they have with ProFTPD, which has also had
its fair share of security problems? Neither program could even remotely
be considered "secure". See http://www.proftpd.net/security.html for
more details.

--Eric

BTW, Armin, if you want a "secure" anonymous HTTP/FTP server, you may
want to check out http://cr.yp.to/publicfile.html
I don't have any direct experience with it, but I do have direct (and
lengthy) experience with another package by the author called 'qmail',
which has *no* known remote exploits. Not one
(http://cr.yp.to/qmail/guarantee.html)

Anyway, enough pimping for djb. YMMV.

: For the holes, look at the RedHat site errata and alerts pages.
:
: JLF Sends...
:
: It seems like on Sun, Nov 12, 2000 at 01:05:26AM -0700, Armin Hartinger scribbled:
: Orig Msg> drwxrwxrwx    7 110      203          4096 Nov  4 22:45 .
: Orig Msg> drwxr-xr-x   14 110      203          4096 Sep 24 12:04 ..
: Orig Msg> -rw-r--r--    1 armin    armin        2326 Sep 25 18:25 apache_pb.gif
: Orig Msg> drwxrwxr-x    2 armin    armin        4096 Sep 25 18:27 deborah
: Orig Msg> drwxrwxrwx    4 armin    armin        4096 Oct 10 14:45 dev
: Orig Msg> -rw-r--r--    1 root     ftp          1431 Oct 24 20:06 index.html
: Orig Msg> drwxrwxrwx    2 armin    armin        4096 Nov 11 17:01 kristen
: Orig Msg> drwxrwxrwx    3 armin    armin        4096 Nov 11 16:08 lauren
: Orig Msg> drwxrwxrwx    7 110      203          4096 Aug 16  1999 manual
: Orig Msg> -rw-r--r--    1 root     ftp            66 Oct 24 20:04 old.html
: Orig Msg> [armin@gateway /www]$
: Orig Msg>
: Orig Msg> Someone hacked into my little Linux gateway box. He defaced index.html and saved the old one as old.html
: Orig Msg> That he appears as root/ftp, is that an indication how he got in?
: Orig Msg>
: Orig Msg> I had anon. ftp running, using the default one RH 6.2 ships with (wu-2.6.0).
: Orig Msg>
: Orig Msg> I suppose I have to completely re-setup that box, I just would like to know what hole to close there.
: Orig Msg>
: Orig Msg> Any ideas?
: Orig Msg>
: Orig Msg> If anybody wants to see the deface before I fix my box: http://24.221.63.194/
: Orig Msg>
:
: ________________________________________________
: See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
:
: Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
:

---
Eric Johnson (ej@netasm.com)            net.assembly
http://netasm.com/                      12629 North Tatum Boulevard #191
602 996-9682                            Phoenix, Arizona 85032