[oclug] Securing a sysem [was: knark attack]
godinp at videotron.ca
Thu Jan 18 18:36:13 EST 2001
Re wu-ftpd worm and knark attacks.
In short, no. The wu-ftpd suexec hole that it's talking about was fixed in
June, 2000. Now, if you're sloppy and haven't been updating security fixes,
then you could be in trouble.
> On Thu, 18 Jan 2001, Lafleur Maurice wrote:
> > You mean I should not run wu-ftpd at all, even the newest release?
> Yes. wu-ftpd is really bad. Terrible software. If you only need FTP
> for students to copy files around, you can use scp (part of SSH). If you
> think you need anonymous FTP, you probably don't. :-) You can implement
> read-only anonymous FTP using HTTP transfers instead, and you don't want
> read/write anonymous FTP access.
> I'll be giving a talk on SSH on 1 February at OCLUG.
> oclug mailing list
> oclug at lists.oclug.on.ca
More information about the OCLUG