Sailor's right: burn the drive and reinstall. There's no such thing as "cleaning up" a hacked box.
FTP servers aren't very secure, but they're a necessary evil sometimes. At least make sure that whatever you install is up to date. If you install a year-old version, you'll get portscanned and banner-IDed and whatever vulnerabilities are in that old version will be exploited in no time. As you found--you can be hacked within minutes of putting the service live.
When I HAVE to use FTP I install ProFTPd. I've never had it hacked. That and $3.75 gets you a Venti Latte.
There are lots of GUI tools for setting up an iptables firewalling script. Go to freshmeat and search for iptables firewall. Close every port except ftp and http. Also, make sure you don't accidentally have any other services running. Run nmap against the server and see what you get--you can be sure that the script kiddies will!
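The nmap check suggested in the post above can be turned into a repeatable audit. The script below is an added example, not part of the original post: it reads nmap's grepable (`-oG`) output and reports every open port that is not on the ftp/http allowlist. The function names, the allowlist variable and the sample scan are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag open ports outside an allowlist in nmap grepable (-oG) output.
# Real input comes from a scan of your own server: nmap -p- -oG scan.gnmap <server>

ALLOWED="21 80"   # ftp and http, the only ports the post says to leave open

# Constructed sample of -oG output (192.0.2.10 is a documentation address).
sample_scan() {
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 443/closed/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: filtered (65530)\n'
}

# Reads -oG text on stdin; prints "host port/proto service" for each open port not in $1.
unexpected_ports() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^Host: / {
      host = $2
      # Sections of a Host line are tab-separated; pick the one starting with "Ports: ".
      nf = split($0, f, "\t")
      for (i = 1; i <= nf; i++) {
        if (f[i] !~ /^Ports: /) continue
        sub(/^Ports: /, "", f[i])
        np = split(f[i], p, ", ")
        for (j = 1; j <= np; j++) {
          # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
          split(p[j], e, "/")
          if (e[2] == "open" && !(e[1] in ok))
            print host, e[1] "/" e[3], e[5]
        }
      }
    }'
}

# Exit status 0: only allowlisted ports are open. Exit status 1: something else is exposed.
audit() {
  found=$(unexpected_ports "$ALLOWED")
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}

# Demo on the constructed sample; for a real scan use: audit < scan.gnmap
sample_scan | audit || true
```

Run the scan from a second machine rather than from the server itself, so the result reflects what the firewall actually lets through.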