[nycbug-talk] Anonymous ftp upload questions

bruno bruno
Mon Aug 22 11:50:36 EDT 2005


On Mon, Aug 22, 2005 at 10:54:34AM -0400, Marco Scoffier wrote:
> Hello all, 
> 
> I have set up an ftp server to get people to upload large files (images,
> videos).  I was debating how to do this for a while, and decided that
> because of the technical naivet? of the uploaders, anonymous ftp would
> be the way to go, I do have an http upload page but some large files are
> 750M+ and ftp at least does resume partial uploads.
> 
> Anyway I setup vsftpd, to allow anonymous uploads and block all
> downloads (don't want the warez kiddies using the server as a drop off
> point).  But I am getting quite a few obvious warez uploads of 1mbtest.ptf
> and space.asp which looks like a script to get the characteristics of
> the server, which won't work because there is no http access to the
> machine.
> 
> None of the uploads work, but I am kind of annoyed at these test uploads,
> but I'm thinking there is very little I can do about this.  Any ideas?
> Anyone else have a similar set up?  Would you set up a no privaledges
> account, rather than go anonymous, seems like more of a hassle to risk
> having a real user id and password, even with really restricted privs,
> going out over ftp.

Yes, a few times. Ended up with a nice collection of software. :)

I'm sure they test downloads also, if you disabled it you should be
fine. If not, just clean it up every few hours and they will give up.
Watch for hidden directories, or tricks like adding spaces behind dir
names. 

This is the nature of the Internet..

-bruno




More information about the talk mailing list