February 28th, 2010, 09:15 PM
|
 |
Contributing User
|
|
Join Date: Mar 2004
Location: Kostolac, Serbia
|
|
Secure your FTP server immediately by chrooting its users since its clear that you don't want anyone taking a peak at your /etc/passwd etc.  That way you will limit all your users to access only their home folders.
If you are using vsftp then you can simply open the /etc/vsftpd/vsftpd.conf and change the chroot_local_user setting to look like the following line
Code:
chroot_local_user=YES
. If there is none add it right at the end of the file.
After that restart vsftpd with
Code:
service vsftpd restart
.
That is the obvious reason why you are able to traverse that web server the way you do it.
As for the second question you might be better of with using ncftp or similar, more secure, client. The method you are using is considered to be obsolete now from a security point of view although that might not be the biggest problem you have currently considering you server setup 
__________________
PHP Code:
<?php
abstract class Ignorance extends Stupidity implements Unavoidable {
public static $humiliation;
private function __construct(){
parent::__destruct();
};
}
?>
Last edited by holodoc : February 28th, 2010 at 09:19 PM.
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
