Ticket BurstNET ID# 21819

:angry:

I know that Burst net have said this not a support forum, but after waiting 6 days since original support post and a follow up email 2 days ago i have not had a reply.

This is a very urgent matter of security!!

Can anyone else help?

I have setup 2 named based domains under a re-seller account,
domain1.co.uk
domain2.co.uk

i have turned off anon ftp but can still access both domains via anon ftp, with access to folders other than public ftp, these are the folders

pub
mail
lib
etc
bin

I have check file permission in file manager (cpanel) and they do not allow world, how can i prevent access to these folder?

even with anon access turned back on i still only get access to these folder?

Will this happen every time i set a new domain?

Hello
I think what you are seeing is the main server IP address anon FTP folders.

Go into cpanel for the main IP/hostname and set the anonymous FTP setting not to allow it.
I think this is the correct way to do it, but others may have a better suggestion.

Gordon

Thanks for reply, the servers main IP does not have a domain on it.

Looking at the IP usage it says that the name based domains are using base IP, and is the servers name set as sub domain to only IP based domain on machine is using base IP.

i have tried access base ip control panel but cannot, it only logs on if i use name based domains user ID.

I edited the DNS setting for the only IP based domain on machine to point to the servers base IP address. This does not seem to have done anything, with the IP usage still showing it using old IP, also when access IP based domain via web it is only accessable via old IP not server base IP.

Hope you understand this :)

I have looked at the proftpd.conf file, there is a <virtualhost> entry for the IP based domain but none for the name based domain, is this correct?

If not can some cut and paste a template for the entry i should have in there.

Thanks

Hello, i have solved problem.

Although it is a mistake on my part it has uncovered a security problem.

when i enter the address ftp://www.pro-rated.net/ it shows the folder mention earlier, if i enter ftp://ftp.pro-rated.net/ all is ok.

Does anyone know how to prevent problem of showing folder if wrong address entered?

cheers

Sorry but it is not solved, i am still having same problem but now with IP based domain as well.

What is weired is that it happens in IE but not in FTP client, and then not alway in IE, sometimes it logs on ok to anon sometimes not.

Come someone must be able to help, if you have WHM & Cpanel try and see if you get same results so i know if it is just me.


Cheers

I have the same problem. It must be a problem in cpanel. No matter which domain I try I am always able to login as ftp or anonymous. I tried a lot of things to fix it but had no success. Even if you go to the domain's cpanel and go into the page where you can specify if you allow or disallow anonymous ftp and specify that you won't allow anonymous ftp it till won't work.
Please cpanel guys help us out.

Thanks.

Netrose

Hi, is your problem that you can always log into anon ftp even when it is not allowed?

Or is like mine when i log into ftp via IE i don't get the public_ftp folder but access to these folders:

pub
mail
lib
etc
bin

Sorry but i also get problem with dedicated ftp client.

I think i know what is happening, when a ftp request is made the folder
home/ftp/
is being returned instead of home/user/public_ftp

Anyone help out here.

cheers

Now i have sorted it, changed permissions on home/ftp folder

So, what did you do exactly because I have the same problem.

All anonymous ftp access is turned off but I still get in.

thank you,
Domenico

Hi, i change the permission on the home/ftp folder, but have since found this info on another forum, which is said to work but have not trued it yet

You have to edit the proftpd.conf yourself
for each virtual host entry in the anonymous section add

<Login>
Deny All
</Login>