Web Hosting Talk







View Full Version : My Interland Site was cracked


inwks
06-29-2000, 12:41 AM
This is a warning to anyone using Interland as their hosting provider, running NT and Frontpage extensions.

My site was accessed via the anonymous FTP account by a user connected to Home.com. The user located one of the hidden directories created by the frontpage extensions, and uploaded approximately 600Mb of Star Trek game data.

This was done with the standard Interland security configuration in place. I have notified them that this is the case. However, if you have an Interland account, I highly recommend that you disable anonymous FTP access altogether and service any download provisions you have via HTTP until they can come up with a good resolution.

PS Before anyone asks, the anonymous FTP provision was being used for a purpose - software evaluation downloads, so it wasn't just left open by accident.

Lessons learned - try to crack into your own site via as many obvious routes as possible. I thought I'd done that, but never considered the hidden FP extensions directories!

Deb
06-29-2000, 04:01 PM
You may find this article quite interesting which touches on NT security and Interland's actions in the area...
http://www.webtechniques.com/archives/2000/04/newman/

Deb

Jason_Berresford
06-29-2000, 08:50 PM
Hello,

The problem you are having was one major problem that the earlier FrontPage software ported to Linux had: allowing users to view the FrontPage directory containing the FrontPage password file. Then all the cracker (for lack of a better word) would have to do is get a program like "Jack the Ripper" and crack the password on their nice safe computer, log in with their newfound password and do what they like.

Although I am not an expert of the NT version of the FrontPage client, the problem could be related. I suggest you figure out just how badly you need to use this FrontPage support. If the answer is "Not that much" then I suggest you contact your host and get them to disable the FrontPage support for your account. Would save a lot of headaches. :)

Hope this helps.




------------------
[ Jason Berresford ]
www.can-host.com (http://www.can-host.com)
admin@can-host.com
[ (905)765-8140 ]

inwks
06-30-2000, 02:17 PM
Jason,

It wasn't a loophole in FrontPage (even though there are some!), it was a loophole in the standard security settings of Interland's NT setup. Basically they have an ftp-user account that is used by anonymous FTP users. Normally, the account would have no access to any directory, apart from read access on the anonymous tree. Interland, by and large, did that but they forgot to take into account the hidden directories created by FP, which were set at full access!
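
An ACL audit for the misconfiguration described in the post above, as an added example that is not part of the original thread or any Interland tooling. The FTP root path is a placeholder, and the principal list (the `ftp-user` account named in the post plus `Everyone`) is an assumption to replace with the accounts your anonymous FTP sessions actually run as.

```powershell
# Added example: list every directory under the FTP root (hidden ones included)
# where the anonymous FTP principal holds any right that lets it add or change content.
param(
    [string]$FtpRoot      = 'D:\ftproot',             # placeholder path (assumption)
    [string[]]$Principals = @('ftp-user', 'Everyone') # assumed account/group names
)

$fsr = [System.Security.AccessControl.FileSystemRights]

# Specific rights that allow uploading, deleting or re-permissioning, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits, which some
# inherit-only ACEs carry instead of the specific rights.
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
                   $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor
                   $fsr::TakeOwnership) -bor 0x40000000 -bor 0x10000000

# -Force makes Get-ChildItem return hidden and system directories, which a normal
# listing (and a casual manual review) skips.
$dirs = @(Get-Item -LiteralPath $FtpRoot -Force) +
        @(Get-ChildItem -LiteralPath $FtpRoot -Directory -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($dir in $dirs) {
    foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
        # Compare on the account name without the DOMAIN\ or MACHINE\ prefix.
        $name = ($ace.IdentityReference.Value -split '\\')[-1]

        if ($ace.AccessControlType -eq 'Allow' -and
            $Principals -contains $name -and
            ([int]$ace.FileSystemRights -band $writeMask) -ne 0) {

            [pscustomobject]@{
                Path      = $dir.FullName
                Hidden    = $dir.Attributes.HasFlag([IO.FileAttributes]::Hidden)
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Hidden directories first: those are the ones a manual check is most likely to miss.
$findings | Sort-Object -Property Hidden -Descending | Format-Table -AutoSize
```

An empty result means none of the listed principals has an explicit or inherited write-type allow entry; it does not cover rights the account gains through other group memberships, so include those groups in the principal list.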

Jason_Berresford
06-30-2000, 02:39 PM
triumph595,

Thanks for the info, as I said I'm not an expert when it comes to Windows NT. That information should come in handy for the future :)




------------------
[ Jason Berresford | Admin]
[ http://www.can-host.com ]
[ Admin@can-host.com ]
[ (905)765-8140 ]