Buy
Schedule a Demo
Blog
Contact Us
HOSTING CONTROLLER
CLOUD AUTOMATION PLATFORM
Products
Solutions
Downloads
Support
Resources
About HC
Join us now!
Log in
/
Username
Password
Verification
Stay logged in
Login
Forgot Your Password?
Forgot your Username?
Haven't received registration validation E-mail?
User Control Panel
Log out
Forums
Posts
Latest Posts
Active Posts
Recently Visited
Search Results
View More
Blog
Recent Blog Posts
View More
Photos
Recent Photos
My Favorites
View More
Photo Galleries
PMs
Unread PMs
Inbox
Send New PM
View More
Page Extras
Menu
Forum Themes
Elegant
Progressive
Home
»
Blog
»
Annonomous FTP HACK
Community Stats
1 day
7 days
30 days
Max.
View More
Top Posters
There is no record available at this moment
Most Active Threads
There is no record available at this moment
Top Rated Posts
There is no record available at this moment
2006/01/17 05:03:15
online
Annonomous FTP HACK
Your system is allowing access to my machines via Annonomous FTP. This is allowing HACKERS to get in and use my system as a dumping ground. This is URGENT we need to fix this immediately. I see several other posts about this.
7 comments
Leave a comment
HC Team
We don¬t enable Anonymous FTP. You must have done something yourself. Please disable Anonymous Access from Default FTP Site in IIS and make sure you have sound security measures on your machine.
2006/01/17 09:34:40
Steve@VSK
HC by itself allows the creation of anonymous FTP access, that¬s what he means I think...
By the way, I can verify this ¬vulnerability¬...
Mate just ban the anonymous account from your FTP, hoping your FTP server has such a feature.
But I do believe that the fact that HC allows the creation of anonymous account is bad....
2006/01/18 05:04:43
HC Team
I am afraid I don¬t consider this is a vulnerbility. If you have allowed Anonymous FTP Access under Security Accounts tab for Default FTP Site then on every new FTP user created by HC may have anonymous access due to inheritance feature of IIS.
2006/01/18 12:39:38
Steve@VSK
I dunno about MS FTP, but it happens in Serv-U, even with the anonymous access disabled in Serv-u manager....
2006/01/20 08:31:56
HC Team
When you access any FTP created by HC, Does it prompt user name and password?
2006/01/20 14:24:47
Steve@VSK
What do you mean? When you create an account?
Yes it does offer to enter a username and a password, but what if you just put ¬Anonymous¬ as username, and nothing as the password, HC will take it and add the user....
2006/01/21 05:32:28
boonchuan
Just curious , what FTP server software are you using? MS FTP? If it is MS FTP, check your IIS FTP setting, remove the anonymous access, that shd solve it.
2006/01/24 05:03:15
Comments are closed.