I routinely run the 'John the Ripper' password cracker on my users.
http://www.openwall.com/john/
This doesn't prevent bad passwords from being created, but it can
notify me if one exists. Then I can chase down the user, and a few
times I have closed accounts because they refuse to use a decent
password. I don't have that many users, so this works well for me.
-Adam
On 12/29/05, MuntadaNet Webmaster <webmaster (at mark) muntada.com> wrote:
> Is there a way to enforce password complexity rules? I.e. no dictionary
> words, minimum length, must contain two upper alpha, two lower alpha, two
> numeric, two special characters
>
>
> At 09:08 AM 12/28/2005, you wrote:
>
> I've had servers in the past where my customers set up accounts like user
> sam with password sam. Hackers use scripts to guess common usernames with
> common passwords. Then they upload files to the user's directories. From
> there they try to hack your server with php or perl scripts.
>
> What I do is add the <Limit LOGIN> section to the /etc/proftpd.conf to not
> allow logins from users that are not siteadmins.
> If a non-siteadmin user actually needs FTP, then I will add them manually.
>
> So the global section of my proftpd.conf looks something like:
>
> <Global>
> TimesGMT off
> DefaultChdir ../../web site-adm
> <Limit SITE_CHMOD>
> AllowAll
> </Limit>
> IdentLookups off
> MaxClientsPerUser 5
> DeferWelcome on
> <Limit LOGIN>
> DenyAll
> AllowGroup site-adm
> AllowUser admin
> </Limit>
> ServerIdent off
> </Global>
> UseReverseDNS off
>
>
>
> ----
>
> Ken Marcus
> Precision Web Hosting
> http://www.precisionweb.net
>
> "Ernesto Pérez Estévez" wrote:
>
> it happened to me, user (for example) mike was using the password mike, so
> the attacker easily entered the system and uploaded the PayPal fake site
> in /users/mike/web and then sent tons of mails redirecting to
> www.somesite.com/~mike/.paypal/login.html or things like
> that.
>
> In my case they never used that exploit, just used a weak password from a
> customer. In fact I disabled /~personal sites so the customers now are not
> using personal sites, in fact nobody in my servers uses them.
>
> But anyway, it is a good idea to apply that patch, just in case!
>
> thanks
> epe
>
> Greg Boehnlein wrote:
>
> We recently discovered a new Blue Quartz box (installed using NuOnce.net's BQ
> 3.0 ISO image) that apparently was brute-force attacked via ProFTPD,
> exploited and used in a PayPal phishing scam. Our forensic analysis led us to
> the following exploit:
>
> http://www.frsirt.com/exploits/10.13.proft_put_down.c.php
>
> The short and the sweet of this exploit is that it can result in a
> root-compromise.
>
> I cannot confirm or deny that the latest BlueQuartz RPM of
> proftpd-1.2.9-8BQ2 is vulnerable, as I didn't have time to test it yet.
> However, I can say that I have built new 1.2.10 RPMS and installed them and
> will test against them. You can find the updated RPMS here:
>
> ftp://ftp.nacs.net/blue-quartz/proftpd-1.2.10-1BQ1.i386.rpm
> ftp://ftp.nacs.net/blue-quartz/proftpd-1.2.10-1BQ1.src.rpm
>
> Please feel free to test them and verify that they are good. If so, please
> consider including them in the BlueQuartz release.
>
>
> *****************************************************************
> MuntadaNet Web Hosting and Web Design Services
> http://www.muntada.com
>
> Sales - sales (at mark) muntada.com
> Support - support (at mark) muntada.com
> Billing - billing (at mark) muntada.com
>
> Main Office - 808-689-6092
> Fax - (808) 356-0279
> *****************************************************************
>
>
--
-----------------------------------------------------------------
Shroom.net Donation Based Web Hosting
http://www.shroom.net/
-----------------------------------------------------------------
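The thread asks whether the complexity rules listed above (minimum length, two upper, two lower, two digits, two specials, no dictionary words) can be enforced at password-setting time rather than found afterwards with John the Ripper. The following is an added example written for this archive, not code from any of the posters or from the ProFTPD or Blue Quartz projects. It implements exactly those rules plus the "username equals password" case (sam/sam, mike/mike) that the posters describe. The function names `check_password` and `audit`, the minimum length of 8, the `SAMPLE_DICTIONARY` word set and the `SAMPLE_ACCOUNTS` list are all assumptions constructed for the example; a real deployment would load a full word list (for instance the one John ships with) and call the check from wherever passwords are set.

```python
import string

# Constructed stand-in for a real dictionary file (e.g. /usr/share/dict/words
# or John the Ripper's password.lst). Only a handful of words, for the example.
SAMPLE_DICTIONARY = {"sam", "mike", "password", "admin", "welcome", "paypal"}

MIN_LENGTH = 8          # assumed value; the thread only says "minimum length"
REQUIRED_PER_CLASS = 2  # two upper, two lower, two digits, two specials


def check_password(password, username=None, dictionary=SAMPLE_DICTIONARY,
                   min_length=MIN_LENGTH, per_class=REQUIRED_PER_CLASS):
    """Return a list of policy violations; an empty list means the password passes.

    Rules implemented (from the thread's question, plus the username case):
      * minimum length
      * at least `per_class` upper, lower, digit and special characters
      * must not contain the username
      * must not be, or contain, a dictionary word
    """
    problems = []

    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # Count each character class once; string.punctuation covers the
    # printable ASCII specials.
    classes = {
        "upper-case letters": sum(c.isupper() for c in password),
        "lower-case letters": sum(c.islower() for c in password),
        "digits": sum(c.isdigit() for c in password),
        "special characters": sum(c in string.punctuation for c in password),
    }
    for name, count in classes.items():
        if count < per_class:
            problems.append(f"needs at least {per_class} {name} (has {count})")

    lowered = password.lower()

    # The sam/sam and mike/mike cases from the thread: reject any password
    # that contains the account name, regardless of case.
    if username and username.lower() in lowered:
        problems.append("contains the username")

    # Exact dictionary matches are always rejected; longer words (4+ chars)
    # are rejected even when embedded, so "Mike1234!" still fails.
    hits = sorted(w for w in dictionary
                  if w == lowered or (len(w) >= 4 and w in lowered))
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))

    return problems


# Constructed sample accounts: two weak ones modelled on the thread's
# anecdotes and one that satisfies the policy.
SAMPLE_ACCOUNTS = [
    ("sam", "sam"),
    ("mike", "Mike1234!"),
    ("alice", "Gx7#kq!2RzPw"),
]


def audit(accounts):
    """Run the policy over (username, password) pairs.

    Returns {username: [violations]} for every account that fails, so an
    admin can chase down the offenders the way the first poster describes.
    """
    report = {}
    for username, password in accounts:
        violations = check_password(password, username)
        if violations:
            report[username] = violations
    return report


if __name__ == "__main__":
    for user, violations in audit(SAMPLE_ACCOUNTS).items():
        print(f"{user}:")
        for v in violations:
            print(f"  - {v}")
```

Running the block reports sam and mike and stays silent about alice. The check is deliberately a plain function with no I/O so it can sit behind whatever sets passwords on the box; John remains useful for the other half of the problem, auditing hashes that were set before the policy existed.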