I am operating a video ftp site. As I logged in as root, I used ftpwho and found that a users has opened five connections.

Is there a way to disconnect this guy?

Also, where can I find good site/tutorial for learning networking commands in linux, such as listing all the connections/ports/... or acting on a connection.

Thanks,

Peter

Originally posted by ckpeter
I am operating a video ftp site. As I logged in as root, I used ftpwho and found that a users has opened five connections.

Is there a way to disconnect this guy?

Also, where can I find good site/tutorial for learning networking commands in linux, such as listing all the connections/ports/... or acting on a connection.

Thanks,

Peter

What FTP server are you using? Some FTP server has a feature that limits FTP session per IP or per users. If your current FTP server don't provide that feature, try switching to ProFTPD.

I am using wu-ftpd.

I tried to use proftp, but it wouldn't allow anonymous access. I tried everything.(oh well, subject of another thread)

Thanks,

Peter

Originally posted by ckpeter
I am using wu-ftpd.

I tried to use proftp, but it wouldn't allow anonymous access. I tried everything.(oh well, subject of another thread)

Thanks,

Peter

You obviously didn't try hard enough :)
ProFTPD allows anonymous access out of the box, you only need to uncomment some command on the config file (proftpd.conf)

If your heart is set on wu-ftpd.. You could always kill the extra processes from the root shell prompt.. That would not stop him from coming back and doing the same thing though..
The user is more than likely using a multi-threaded ftp client which would explain the multiple connections.
I am not sure if wu-ftpd allows you to control this or not(I am sure it probably does in the config file somewhere). We use ProFTPD and as mentioned it's a simple uncommented line for anonftp.

No, I actually preferred proftp.

Exactly what do I need to uncomment? I have checked every options in webmin. And I have edited the virtual server to enable anonymous access, but nothing worked. The server was still treating anonymous user like a regular user.

Thanks,

Peter

Originally posted by ckpeter
No, I actually preferred proftp.

Exactly what do I need to uncomment? I have checked every options in webmin. And I have edited the virtual server to enable anonymous access, but nothing worked. The server was still treating anonymous user like a regular user.

Thanks,

Peter

On my Mandrake box here, I don't even need to do anything to enable anonymous FTP. I can PM you the config file if you want.

priyadi,
Please do PM me your config. Much appreciated.

Thanks,

Peter

HI!
Try this on top of proftpd.conf

UserAlias anonymous ftp
AnonRequirePassword off
RequireValidShell off


After this have the regualar <anonymous> tag... It should work.

Have a great day :)

regards
amar

Thanks for the help, I have just gotten proftpd to do anonymous.

Like bob says, all it needs was those directives. (Both webmin and the doc failed me:bawling: ) I had to install numorous rpms and selectively putting in directives to figure out.:mad:

Thanks again,

Peter

Hmmm, you better monitor that anonymous access because before you know it your server has become a warez gateway and you really don't want that !!!

Thanks for the suggestion. I plan to disallow uploads.

Besides, after being open for three days(1/1-1/3), there was 18Gb of transfer, and I was forced to shut it down.

Peter

To disconnect a specific ftp session do the following:

ps auxf

Then find the PID of the process you wish to kill. Then

kill PID

That will disconnect the active ftp session. Then if you want to ban this person from connecting to your server again, use the following command to block his/her IP:

/sbin/route add IPADDRESS dev lo

Thanks for the reply.

So, in general, all I have to do is to kill the child process which serve that person, right?

By the way, with wu-ftpd, I discovered that there was a command xferstat that show me a nicely format list of stats. Is there anything like that for proftpd? (So that I can use that before I learn how to make webalizer do proftpd log)

Thanks,

Peter

I could be wrong, because my memory sucks. But doesn't proftpd log to xferlog in the same format as wu-ftpd, by default?

You might still be able to use xferstats.

But I use mk-ftp-stats. I forget where I downloaded it from.

anyone using Washington University FTPD must have a death wish for their box. Almost every single version of WU FTPD (except possibly the most recent) has had some form of exploit which could result in an intruder gaining remote root access to your box. You should seriously considering switching to something like ProFTPD, or lookup "WU GOD" (i think thats how it's spelt) to see what versions of WU-FTPD can be hacked (thats the common tool for hacking WU-FTP servers AFAIK)