
Date:  Thu, 29 Dec 2005 08:45:05 -1000
From:  MuntadaNet Webmaster <webmaster (at mark) muntada.com>
Subject:  [coba-e:03741] Re: ProFTP 1.2.9 Vunerability?
To:  coba-e (at mark) bluequartz.org
Message-Id:  <7.0.0.16.2.20051229084355.04eeb9f0 (at mark) muntada.com>
In-Reply-To:  <453b01c60be2$293ff690$6600a8c0@youro1n9oy17sk>
References:  <Pine.LNX.4.44.0512262001381.26486-100000 (at mark) nucleus.nacs.net> <43B13EFA.3060507 (at mark) ecualinux.com> <453b01c60be2$293ff690$6600a8c0 (at mark) youro1n9oy17sk>
X-Mail-Count: 03741

<html>
<body>
Is there a way to enforce password complexity rules?&nbsp; I.e. no
dictionary words, minimum length, must contain two upper alpha, two lower
alpha, two numeric, two special characters.<br><br>
At 09:08 AM 12/28/2005, you wrote:<br>
<blockquote type=cite class=cite cite="">I've had servers in the past
where my customers set up accounts like user sam with password sam.
Hackers use scripts to guess common usernames with common passwords. Then
they upload files to the user's directories. From there they try to hack
your server with php or perl scripts.<br><br>
What I do is add the &lt;Limit LOGIN&gt; section to the
/etc/proftpd.conf&nbsp; to not allow logins from users that are not
siteadmins.<br>
If a non-siteadmin user actually needs FTP, then I will add them
manually.<br><br>
So the global section of my proftpd.conf looks something like:<br><br>
&lt;Global&gt;<br>
&nbsp; TimesGMT off<br>
&nbsp; DefaultChdir ../../web site-adm<br>
&nbsp; &lt;Limit SITE_CHMOD&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp; AllowAll<br>
&nbsp; &lt;/Limit&gt;<br>
&nbsp; IdentLookups off<br>
&nbsp; MaxClientsPerUser 5<br>
&nbsp; DeferWelcome on<br>
&nbsp; &lt;Limit LOGIN&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DenyAll<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; AllowGroup site-adm<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; AllowUser admin<br>
&nbsp; &lt;/Limit&gt;<br>
&nbsp; ServerIdent off<br>
&lt;/Global&gt;<br>
UseReverseDNS off<br><br>
<br><br>
----<br><br>
Ken Marcus<br>
Precision Web Hosting<br>
<a href="http://www.precisionweb.net/" eudora="autourl">
http://www.precisionweb.net</a><br><br>
&quot;Ernesto Pérez Estévez&quot; wrote:<br>
<blockquote type=cite class=cite cite="">it happened to me, user (for
example) mike was using the password mike, so the attacker easily entered
to the system and uploaded the paypal fake site in /users/mike/web and
then sent tons of mails redirecting to
<a href="http://www.somesite.com/~mike/.paypal/login.html" eudora="autourl">
www.somesite.com/~mike/.paypal/login.html</a> or things like
that.<br><br>
In my case they never used that exploit, just used a weak password from a
customer. In fact I disabled /~personal sites so the customers now are
not using personal sites, in fact nobody in my servers uses
them.<br><br>
But anyway, it is a good idea to apply that patch, just in case!<br><br>
thanks<br>
epe<br><br>
Greg Boehnlein wrote:<br>
<blockquote type=cite class=cite cite="">We recently discovered a new
Blue Quartz box (installed using NuOnce.net's BQ 3.0 ISO image) that
apparently was brute-force attacked via ProFTPD, exploited and used in a
PayPal phishing scam. Our forensic analysis led us to the following
exploit:<br><br>
<a href="http://www.frsirt.com/exploits/10.13.proft_put_down.c.php" eudora="autourl">
http://www.frsirt.com/exploits/10.13.proft_put_down.c.php</a><br><br>
The short and the sweet of this exploit is that it can result in a
root-compromise.<br><br>
I cannot confirm or deny that the latest BlueQuartz RPM of
proftpd-1.2.9-8BQ2 is vulnerable, as I didn't have time to test it yet.
However, I can say that I have built new 1.2.10 RPMS and installed them
and will test against them. You can find the updated RPMS here:<br><br>
<a href="ftp://ftp.nacs.net/blue-quartz/proftpd-1.2.10-1BQ1.i386.rpm" eudora="autourl">
ftp://ftp.nacs.net/blue-quartz/proftpd-1.2.10-1BQ1.i386.rpm</a><br>
<a href="ftp://ftp.nacs.net/blue-quartz/proftpd-1.2.10-1BQ1.src.rpm" eudora="autourl">
ftp://ftp.nacs.net/blue-quartz/proftpd-1.2.10-1BQ1.src.rpm</a><br><br>
Please feel free to test them and verify that they are good. If so,
please consider including them in the BlueQuartz release.<br>
</blockquote><br><br>
</blockquote><br><br>
</blockquote>
<x-sigsep><p></x-sigsep>
***************************************************************** <br>
MuntadaNet Web Hosting and Web Design Services<br>
<font color="#0000FF"><u>
<a href="http://www.muntada.com/" eudora="autourl">
http://www.muntada.com<br><br>
</a></u></font>Sales - sales (at mark) muntada.com <br>
Support - support (at mark) muntada.com <br>
Billing - billing (at mark) muntada.com<br><br>
Main Office - 808-689-6092<br>
Fax - (808) 356-0279<br>
*****************************************************************<br><br>
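<p>The password rules asked about at the top of this message (minimum length, at least two upper-case, two lower-case, two numeric and two special characters, no dictionary words), written out as a checker. This is an added example, not code from the thread, from BlueQuartz or from ProFTPD. The word list, the minimum length of 10 and the leet-speak substitutions are assumptions made for the example; a real deployment would load a full dictionary such as /usr/share/dict/words or delegate to pam_cracklib. It also rejects a password that contains the username, which is the sam/sam and mike/mike case the replies describe.</p>

```python
import string

# Constructed stand-in for a dictionary (an assumption for this example).
# A real checker should load /usr/share/dict/words or use cracklib.
COMMON_WORDS = {"password", "sam", "mike", "admin", "letmein",
                "welcome", "paypal", "qwerty"}

MIN_LENGTH = 10  # assumed value; the thread asks only for "minimum length"

# Substitutions attackers and users both know; undone before the dictionary
# check so that 'P@ssw0rd' is still treated as 'password'.
LEET = str.maketrans("@$0!13", "asoiie")


def policy_violations(username, password, wordlist=COMMON_WORDS):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Two of each character class, as the original question asks for.
    classes = {
        "upper-case": sum(c.isupper() for c in password),
        "lower-case": sum(c.islower() for c in password),
        "numeric": sum(c.isdigit() for c in password),
        "special": sum(c in string.punctuation for c in password),
    }
    for name, count in classes.items():
        if count < 2:
            problems.append(f"needs at least two {name} characters (has {count})")

    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains the username")

    # Dictionary check on the de-leeted password: any listed word of three or
    # more letters appearing as a substring is rejected.
    normalised = lowered.translate(LEET)
    for word in sorted(wordlist):
        if len(word) >= 3 and word in normalised:
            problems.append(f"contains dictionary word '{word}'")
    return problems


def acceptable(username, password):
    """True when the password passes every rule."""
    return not policy_violations(username, password)


if __name__ == "__main__":
    for user, pw in (("sam", "sam"), ("mike", "P@ssw0rd!!"), ("mike", "Tq7!xR9#pLm2")):
        print(user, repr(pw), policy_violations(user, pw) or "OK")
```

<p>ProFTPD itself only authenticates against the system password store, so a check like this has to run where the password is set (the site-admin interface or the PAM stack via pam_cracklib), not in proftpd.conf.</p>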
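<p>Ken's and Greg's replies describe the attack as scripted guessing of common username/password pairs over FTP. The detector below, an added example that is not part of the thread, counts failed USER attempts per source address in ProFTPD's syslog-style auth messages and flags any source that then logs in successfully after a run of failures, which is the sign that a guess landed. The sample lines are constructed for the example, and the message formats, the threshold of five and the field layout are assumptions; compare the regex with your own /var/log/messages before reusing it.</p>

```python
import re
from collections import Counter, defaultdict

# Constructed sample log in the shape of ProFTPD's syslog auth messages
# (an assumption for this example; verify against your own log file).
SAMPLE_LOG = """\
Dec 29 08:40:01 bq proftpd[2201] bq (203.0.113.7[203.0.113.7]): USER sam (Login failed): Incorrect password.
Dec 29 08:40:02 bq proftpd[2202] bq (203.0.113.7[203.0.113.7]): USER mike (Login failed): Incorrect password.
Dec 29 08:40:02 bq proftpd[2203] bq (203.0.113.7[203.0.113.7]): USER admin (Login failed): Incorrect password.
Dec 29 08:40:03 bq proftpd[2204] bq (203.0.113.7[203.0.113.7]): USER test: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21
Dec 29 08:40:03 bq proftpd[2205] bq (203.0.113.7[203.0.113.7]): USER guest: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21
Dec 29 08:40:04 bq proftpd[2206] bq (203.0.113.7[203.0.113.7]): USER mike: Login successful.
Dec 29 08:41:10 bq proftpd[2207] bq (198.51.100.5[198.51.100.5]): USER bob (Login failed): Incorrect password.
Dec 29 08:41:30 bq proftpd[2208] bq (198.51.100.5[198.51.100.5]): USER bob: Login successful.
"""

# Source IP sits inside "host[ip]"; the username follows "USER" and is
# terminated by either a space (failed/success text) or a colon.
LINE_RE = re.compile(
    r"proftpd\[\d+\] \S+ \([^\[]*\[(?P<ip>[^\]]+)\]\): "
    r"USER (?P<user>[^\s:]+)[: ]\s*(?P<rest>.+)$"
)


def parse_events(log_text):
    """Return a list of (source_ip, username, outcome) for each login attempt."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rest = m.group("rest")
        if "Login successful" in rest:
            outcome = "success"
        elif "Login failed" in rest or "no such user" in rest:
            outcome = "failure"
        else:
            continue
        events.append((m.group("ip"), m.group("user"), outcome))
    return events


def find_guessing_sources(log_text, threshold=5):
    """Flag sources with at least `threshold` failures, and record any account
    that logged in from that source once the threshold had been reached."""
    failures = Counter()
    accounts_tried = defaultdict(set)
    logins_after_guessing = defaultdict(list)
    for ip, user, outcome in parse_events(log_text):
        if outcome == "failure":
            failures[ip] += 1
            accounts_tried[ip].add(user)
        elif failures[ip] >= threshold:
            logins_after_guessing[ip].append(user)

    report = []
    for ip, count in failures.most_common():
        if count >= threshold:
            report.append({
                "ip": ip,
                "failures": count,
                "accounts_tried": sorted(accounts_tried[ip]),
                "logins_after_guessing": logins_after_guessing[ip],
            })
    return report


if __name__ == "__main__":
    for hit in find_guessing_sources(SAMPLE_LOG):
        print(hit)
```

<p>Feed it the output of <code>grep proftpd /var/log/messages</code> (or whichever file ProFTPD's SyslogFacility points at on the box). Ken's <code>&lt;Limit LOGIN&gt;</code> block stops the guessed password from being usable, but the failed attempts still land in the log, so a check like this tells you which customers' accounts were being targeted even when the login was refused.</p>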
</body>
</html>