HolidayBuyer's Guide

Computer Help forum

General discussion

ftp server

by mharp002 / February 24, 2004 3:57 AM PST

I have an ftp server set up with windows 2000 server. Could someone tell me how I can see who has tried to authenticate and failed and who was successful and what time and so forth? Thanks

Discussion is locked
You are posting a reply to: ftp server
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: ftp server
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re:ftp server = security issue.
by R. Proffitt Forum moderator / February 24, 2004 4:01 AM PST
In reply to: ftp server

Remember that ftp passes name and passwords in the clear. If I was on the same network as the server, it would be trivial to run a packet sniffer and pick off the names and passwords. FTP is insecure so you can be assured that someday, you will have an issue.

Please consider a move to a secure server like you find at http://www.openssh.org

Bob

Collapse -
Re:Re:ftp server = security issue.
by mharp002 / February 24, 2004 11:40 AM PST

I know of the vulnerabilities of the server, I just want to know about a log and how to set it up so i can monitor the use of my ftp server. As far as the security issues, the only permission to the files on my server is read. So if someone was to get the password, would they be able to do any real damage?

Collapse -
Re:Re:Re:ftp server = security issue.
by R. Proffitt Forum moderator / February 24, 2004 12:09 PM PST

"I know of the vulnerabilities of the server, I just want to know about a log and how to set it up so i can monitor the use of my ftp server. As far as the security issues, the only permission to the files on my server is read. So if someone was to get the password, would they be able to do any real damage?"

I'll write yes. What is unknown is the make/version of the ftp server. Some have published and known exploits that can ignore the read-only that you think you have inplace. My approach has been to only use uptodate servers and secure ones so to mitigate the risk.

For strictly downloads, a simpler HTTP site with .htaccess can supply files plus most web servers have a log file.

Without knowing make/version of the ftp server, I can't guess if it has a log file.

Bob

Collapse -
Re:Re:Re:Re:ftp server = security issue.
by mharp002 / February 24, 2004 12:16 PM PST

the server is iis 2k server. Where can i find some info about .htaccess

Collapse -
ftp server = can be exploited.
by R. Proffitt Forum moderator / February 24, 2004 8:52 PM PST

"the server is iis 2k server."

Just one of dozens -> http://www.securiteam.com/exploits/5YP011575W.html

I point out this one since once an attacker gets CMD access, they can go wild. Be sure you have IIS updated to it's latest release. If you just installed off the CD, then its full of holes.

I must write that securing IIS is not what I'll tell you since it goes for many pages. Many part-time IIS installers wear blinders on the issue and "hope" nothing happens. Let me give you some light reading on securing IIS -> http://www.securityfocus.com/infocus/1312

Q. "Where can i find some info about .htaccess"

http://www.google.com/search?&q=HTACCESS

Collapse -
If you want a log, then you enable it.
by R. Proffitt Forum moderator / February 24, 2004 9:31 PM PST
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

HOLIDAY GIFT GUIDE 2017

Cameras that make great holiday gifts

Let them start the new year with a step up in photo and video quality from a phone.