Hello all.

I'm running vsFTP at home and I would like some (security) advice about my configuration.

It runs as an anonymous server and all logins are chrooted to a specific folder on a separated HD.

1.Is only anonymous better than local/virtual logins?

The idea of having only an anonymous server is because of the "big red button". The "big red button" saying "DO NOT PUSH" and every one pushes it.

There is no challenge to hack the server, no password, no nothing, just some files there... get the idea?

I want to upload so I have a hidden folder (hide_file={whatever}) wich only I know.

2. Is this a good thing? I mean is it possible to get all the folders even those who are not visible?

The firewall was configured with one of those iptables generator with permission for FTP server and passive ports.

3. If someone has nothing to do and decides "I'm gonna hack some ftp server today" and tries hack my machine. Something like flooding it or some other thing. How can I ban some IP for 1 or 2 hours if I get more than 20 connection attempts from that same address?

What do you have to say about my server?

Thanks,
Hyakutake

PS: It's the first time I get into mounting a server so please be kind to me

The general problem with FTP in general, apart from vulnerabilities in more than a few FTP daemons, weak password settings, the login being insecure (sniffable plain text), is that (if uploading is allowed) it can be (ab)used to try elevate access. How this works depends on for instance what access the user is allowed and what services are running on the host and how they interact (overly broad access rights, misconfiguration). For example, if you're not allowed to bring certain stuff on the system, you could try and upload it and execute there, of if you don't have an account but can upload, maybe a vulnerable service allows you to access and execute (or include) the file.

Restricting access is a good start. A local account means the user has an account on the system he/she can login with, a virtual account means the user has an account on the system only in the scope of this service: he or she cannot use it for anything else. Anonymous access means the user can only access the server under a specific inert account like for instance the "ftp" user. The "problem" with anonymous access is that everybody resides in one "class" and you cannot restrict their movements atomically like you can with virtual users. If a user doesn't need to upload then anonymous access should be enough, if you need to restrict access then a virtual user account should be considered. Only in a few circumstances the user should be given an account on the system.


If you have read the VSFTP docs carefully you know that it only stops people from the files or dirs being *listed* (ls), the docs explicitly warn that if people *know* the names they can access it.


Depends on how you run VSFTP. If you run it from (X)inetd then you can set up limiters in the VSFTP Xinetd config file. If you run VSFTP as standalone or need more measures you can iptables modules like "recent" or equivalent to limit access.

Thanks unSpawn

I know ftp is a bit old and not too trustable but I find it easy to configure.

I think I'll try virtual logins and see what it gives.

Thanks for your reply,
Hyakutake