[nycbug-talk] Anonymous ftp upload questions
Mon Aug 22 11:31:20 EDT 2005
On Mon, 22 Aug 2005 10:54:34 -0400
Marco Scoffier <marco at metm.org> wrote:
> Hello all,
> I have set up an ftp server to get people to upload large files
> (images, videos). I was debating how to do this for a while, and
> decided that because of the technical naivet? of the uploaders,
> anonymous ftp would be the way to go, I do have an http upload page
> but some large files are 750M+ and ftp at least does resume partial
> Anyway I setup vsftpd, to allow anonymous uploads and block all
> downloads (don't want the warez kiddies using the server as a drop off
> point). But I am getting quite a few obvious warez uploads of
> 1mbtest.ptf and space.asp which looks like a script to get the
> characteristics of the server, which won't work because there is no
> http access to the machine.
> None of the uploads work, but I am kind of annoyed at these test
> uploads, but I'm thinking there is very little I can do about this.
> Any ideas? Anyone else have a similar set up? Would you set up a no
> privaledges account, rather than go anonymous, seems like more of a
> hassle to risk having a real user id and password, even with really
> restricted privs, going out over ftp.
I run vsftp on FreeBSD, it is great stuff. Anon is tough, I block it.
vsftp has a lot of flexibility, why not create a single user for them to
upload? I set their password using mysql auth, so no shell access. You
can use vsftp to tweak their rights.
Add group to /etc/groups ftpusers:*:201:ftpsecure
1. vipw and create account including group 201,
2. create directory in /usr/local/ftp and chown to new user
3. update the password database, (using mysql auth)
More information about the talk