FTP Hacking on the Rise
yahoi writes "The disco-era File Transfer Protocol (FTP) is making a comeback, but not in a good way — spammers are now using the old-school file transfer technology to serve up bot malware, and even as a backdoor into some enterprises that neglect to lock down their oft-forgotten FTP servers. Researchers at F-Secure have spotted a new wave of exploits that use FTP — rather than a malicious URL, or an email attachment — to deliver their malware payloads because few gateways scan for FTP attachments these days."
Different protocol, but same stupidity (Score:5, Informative)
The fact that a lot of gateways prevent certain actions based on the protocol just makes the "any key" users blindly click on stuff without worry - after all, they've "got protection".
When it comes to any infection vector that involves social engineering, your brain (should you choose to use it) is your best virus protection.
Re:Uh oh (Score:3, Informative)
Re:And the newest exploit... (Score:4, Informative)
Re:FTP attachments? (Score:3, Informative)
Er, that's because there's no such thing as an FTP attachment? If you are referring to links, then I'm not aware of any virus checkers that automatically download and check HTTP links either.
Can anybody translate this into something that makes sense?
F-Secure are FUDmeisters (Score:4, Informative)
Re:Big deal.. (Score:4, Informative)
Unfortunately there's a lot of software that simply does not support ssh/scp/sftp and will only work with FTP. Joomla is an example of a CMS that uses FTP to update template files and such that the web server can not write to. In this case you create an FTP server that listens on 127.0.0.1:21 and the PHP script, run under the web server user, FTPs to the host and logs in under a different user to upload the changes.
I've also got some business software that I run on my local machine that FTPs to my web server to upload new files. I really wish it would support ssh but it doesn't.
Maybe ssh tunnels are the way to go for such situations? Either way FTP is still used for such circumstances. These programmers really need to get with the times.
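An added example, not part of the comment above or of any project it mentions: a check that an FTP daemon meant only for local use, as in the 127.0.0.1:21 setup described, is not also listening on a routable interface. It assumes listener data in the column layout of `ss -H -tln` from iproute2; the sample lines are constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout of `ss -H -tln` (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      32         127.0.0.1:21        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      32           0.0.0.0:21        0.0.0.0:*
LISTEN 0      32             [::1]:21           [::]:*
LISTEN 0      32                 *:2121            *:*
LISTEN 0      511             [::]:80           [::]:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
    return host, int(port)

def is_loopback(host):
    """True only for addresses that never leave the machine."""
    if host == "*":  # wildcard: bound on every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed

def exposed_ftp_listeners(ss_output, ftp_ports=(21,)):
    """Return (host, port) for FTP listeners reachable from other hosts."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        if port in ftp_ports and not is_loopback(host):
            exposed.append((host, port))
    return exposed

if __name__ == "__main__":
    # Include 2121 to catch a daemon moved to a non-standard port.
    print(exposed_ftp_listeners(SAMPLE_SS_OUTPUT, ftp_ports=(21, 2121)))
```

On a live host the same function can be fed the text of `ss -H -tln` instead of the sample.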
FTP is BAD! About DAMN time THAT makes press (Score:4, Informative)
Re:Uh oh (Score:2, Informative)
Disco-era? It was first implemented in 1995.
Then why were people writing about it in 1971?
http://tools.ietf.org/html/rfc114
Re:Big deal.. (Score:3, Informative)
Re:Uh oh (Score:5, Informative)
I think you may have misunderstood. RFC 114 refers to FTP, which is from the 70s. The poster was talking about scp, which is certainly from the mid-90s.
Now, whether 1971 counts as disco-era is another question. I would say that it is pre-disco, since every school child knows that the disco era started with Soul Makossa in 1973.
Re:And the newest exploit... (Score:4, Informative)
Re:Uh oh (Score:5, Informative)
Decisions, decisions.
Got hit by it (Score:4, Informative)
Obviously you have to have FTP and web servers on the same machine, otherwise your hosting customers can't upload their pages. To limit the potential damage, disable mod_userdir -- all your users should already have their own domain names anyway. And if you have any "email only" users {usually, these will be secondary mailbox accounts, i.e. when you have things like fred@freds-shed.org.uk going into one mailbox and charlie@freds-shed.org.uk going into another} whose only way of accessing files is by POP3 or IMAP, use a different shell for them. {I recommend
If you have users who want to use scp or fish to upload stuff, they'll have to have a Bourne-like shell such as
ntpd-exp.c (Score:3, Informative)
Re:Uh oh (Score:3, Informative)
Pay more attention... (Score:3, Informative)