Locked: Anonymous FTP HACK

Member
2006/01/17 05:03:15 (permalink)

Anonymous FTP HACK

Your system is allowing access to my machines via Anonymous FTP. This is allowing HACKERS to get in and use my system as a dumping ground. This is URGENT; we need to fix this immediately. I see several other posts about this.
#1


    HC Team
    Hosting Controller
    RE: Anonymous FTP HACK 2006/01/17 09:34:40 (permalink)
    We don't enable Anonymous FTP. You must have done something yourself. Please disable Anonymous Access from Default FTP Site in IIS and make sure you have sound security measures on your machine.
    #2
    Steve@VSK
    Starting Member
    RE: Anonymous FTP HACK 2006/01/18 05:04:43 (permalink)
    HC by itself allows the creation of anonymous FTP access, that's what he means, I think...

    By the way, I can verify this "vulnerability"...

    Mate just ban the anonymous account from your FTP, hoping your FTP server has such a feature.

    But I do believe that the fact that HC allows the creation of an anonymous account is bad....
    #3
    HC Team
    Hosting Controller
    RE: Anonymous FTP HACK 2006/01/18 12:39:38 (permalink)
    I am afraid I don't consider this a vulnerability. If you have allowed Anonymous FTP Access under the Security Accounts tab for the Default FTP Site, then every new FTP user created by HC may have anonymous access due to the inheritance feature of IIS.
    #4
    Steve@VSK
    Starting Member
    RE: Anonymous FTP HACK 2006/01/20 08:31:56 (permalink)
    I dunno about MS FTP, but it happens in Serv-U, even with the anonymous access disabled in Serv-U manager....
    #5
    HC Team
    Hosting Controller
    RE: Anonymous FTP HACK 2006/01/20 14:24:47 (permalink)
    When you access any FTP created by HC, does it prompt for a user name and password?
    #6
    Steve@VSK
    Starting Member
    RE: Anonymous FTP HACK 2006/01/21 05:32:28 (permalink)
    What do you mean? When you create an account?

    Yes, it does offer to enter a username and a password, but what if you just put "Anonymous" as username, and nothing as the password, HC will take it and add the user....
    #7
    boonchuan
    Senior Member
    RE: Anonymous FTP HACK 2006/01/24 05:03:15 (permalink)
    Just curious, what FTP server software are you using? MS FTP? If it is MS FTP, check your IIS FTP setting, remove the anonymous access, that should solve it.
    #8
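
A way to confirm, after changing the setting discussed in this thread, that your own FTP server actually refuses anonymous logins (an added example, not part of the original posts or of Hosting Controller). The function names and the loopback stub server are constructed for illustration; point `anonymous_ftp_status` at a host you administer.

```python
import ftplib
import socket
import threading

def anonymous_ftp_status(host, port=21, timeout=5.0):
    """Return 'allowed', 'refused' or 'unreachable' for an anonymous login attempt."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
    except ftplib.all_errors:
        return "unreachable"
    try:
        # Same credentials the thread describes: user "anonymous", no real password.
        ftp.login("anonymous", "")
        return "allowed"
    except ftplib.error_perm:
        return "refused"          # 5xx reply: the server rejected the login
    except ftplib.all_errors:
        return "unreachable"      # connection dropped or unexpected reply
    finally:
        try:
            ftp.quit()
        except ftplib.all_errors:
            ftp.close()

def start_stub_server(allow_anonymous):
    """Constructed loopback stub (not a real FTP server); returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            def say(line):
                f.write(line + b"\r\n")
                f.flush()
            say(b"220 stub ready")
            for raw in f:
                cmd = raw.strip().upper()
                if cmd.startswith(b"USER"):
                    say(b"331 password required")
                elif cmd.startswith(b"PASS"):
                    say(b"230 logged in" if allow_anonymous else b"530 login incorrect")
                else:
                    say(b"221 bye")   # QUIT (or anything else) ends the session
                    break
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for setting in (True, False):
        port = start_stub_server(allow_anonymous=setting)
        print(setting, anonymous_ftp_status("127.0.0.1", port))
```

Run it against each FTP site on the machine, not just the Default FTP Site, since the thread notes that per-user sites can inherit the anonymous setting.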