Thread: Ftp security

    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    2
    Rep Power
    0

    Unhappy Ftp security


    Hey all
    I have question if you dont mind mee ask.
    I have apache, ftp and mysql installed in centos.
    when you enter the http : // ip address
    Apache gets the user name and password on page , checks with mysql and opens ftp to user
    however if I type the http : // ip address/ftp/ I am able to access all data without entering user and password which is kind of an open gate that we do not want.
    basically user ftp directory is /var/www/ftp and whoever types my server url and adds /ftp , he is able to see all ftp content. I do not know it is apache or ftp user issue

    I think I am missing somethings.
    Do you guys have any idea about that?
    all suggestions are more than welcome.
    thank you in advance
  2. #2
  3. They're coming to take me away

    Join Date
    Jan 2005
    Location
    Florida
    Posts
    5,105
    Rep Power
    5049
    Originally Posted by malesef
    Hey all
    I have question if you dont mind mee ask.
    I have apache, ftp and mysql installed in centos.
    when you enter the http : // ip address
    Apache gets the user name and password on page , checks with mysql and opens ftp to user
    however if I type the http : // ip address/ftp/ I am able to access all data without entering user and password which is kind of an open gate that we do not want.
    basically user ftp directory is /var/www/ftp and whoever types my server url and adds /ftp , he is able to see all ftp content. I do not know it is apache or ftp user issue

    I think I am missing somethings.
    Do you guys have any idea about that?
    all suggestions are more than welcome.
    thank you in advance
    What exactly is http://ip address/ftp ? How is your FTP server set up? Going to http:// will display a web page (or files). You can deny access to directory listings via Apache if this is what you want.

    However, if you meant that you typed ftp://ip address/ftp, then my question would be: When did you try this? If immediately after ftp://ip address, then the user/pass was probably stored on the machine (cookie or whatnot).
    "I don't need to get a life. I'm a gamer. I have lots of lives!"
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    2
    Rep Power
    0
    thank you
    You were right
    as you said "You can deny access to directory listings via Apache if this is what you want."
    httpd.conf
    To disable directory listing
    Options Indexes FollowSymLinks
    I just removed ‘Indexes’ from the line.
    I appreciate.
  6. #4
  7. They're coming to take me away

    Join Date
    Jan 2005
    Location
    Florida
    Posts
    5,105
    Rep Power
    5049
    Originally Posted by malesef
    thank you
    You were right
    as you said "You can deny access to directory listings via Apache if this is what you want."
    httpd.conf
    To disable directory listing
    Options Indexes FollowSymLinks
    I just removed ‘Indexes’ from the line.
    I appreciate.
    Glad you got it sorted... and thanks for posting back what you did.
    "I don't need to get a life. I'm a gamer. I have lots of lives!"

IMN logo majestic logo threadwatch logo seochat tools logo