  1. #1
    Join Date
    Jun 2003
    Posts
    64

    ftp file restriction help

    I am trying to secure ftp so that I can allow foreign users to upload files within their own directory. For security reasons, I don't want them to be able to upload anything other than two or three files of certain extensions (.fla, .psd, etc.).


    I am running proftp. I was wondering if such a tweak could be made easily to the server? The idea would be that once they upload it via ftp, I'd have a php script that is cronned every 15 or so minutes to check all users' folders and move the files to a new directory, if that makes sense, where it could be verified and processed appropriately. So they wouldn't need many privileges as ftp users, only the ability to upload and maybe create directories within their own directory.

  2. #2
    Join Date
    Apr 2005
    Location
    silicon and earthquakes
    Posts
    258
    How about the sweep script deleting the uploaded files that don't have matching extensions? Seems much easier to implement.

  3. #3
    The problem with a sweep script is that they'd have time in between when the script sweeps to upload scripts and stuff that could potentially be an issue.

  4. #4
    You should put the "PathDenyFilter" option in your proftpd.conf file.

    Good luck.
    The Best Hosting Company from India

  5. #5
    That was one thing I had looked at a little while ago. My problem with that is, does it really restrict someone from uploading a .exe file?
    All it does is a name-based check, so if I renamed a .exe file to .gif, it may fool that method of restriction. I was thinking perhaps if I limit upload to binary files only, plus add this restriction, and disable all services except ftp, it may be more secure. Plus, I'd put this project on a separate box and have the php script that sweeps the server check the filetype, size, and all that stuff. Does that sound secure?
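
The content check raised in post #5, as an added example that is not part of the thread (written in Python rather than the PHP the poster mentions): a sweep that accepts a file only when its leading bytes match its extension and moves everything else to quarantine. The signatures (`8BPS` for .psd, an OLE2 or ZIP container for .fla), the size limit, the directory layout and all function names are assumptions, and the sample files are constructed.

```python
import os
import shutil
import tempfile

# Leading bytes accepted per allowed extension (assumed signatures, not from the thread).
ALLOWED = {
    ".psd": [b"8BPS"],
    ".fla": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", b"PK\x03\x04"],  # OLE2 or ZIP container
}
MAX_BYTES = 200 * 1024 * 1024  # constructed size limit

def classify(path):
    """Return 'accept' or a rejection reason for one uploaded file."""
    if os.path.islink(path) or not os.path.isfile(path):
        return "reject: not a regular file"
    ext = os.path.splitext(path)[1].lower()
    if ext not in ALLOWED:
        return "reject: extension"
    if os.path.getsize(path) > MAX_BYTES:
        return "reject: size"
    with open(path, "rb") as fh:
        head = fh.read(8)
    if not any(head.startswith(sig) for sig in ALLOWED[ext]):
        return "reject: content does not match extension"
    return "accept"

def sweep(upload_root, verified_dir, quarantine_dir):
    """Move every file under upload_root to verified_dir or quarantine_dir."""
    results = {}
    for dirpath, _dirs, files in os.walk(upload_root):
        for name in files:
            src = os.path.join(dirpath, name)
            verdict = classify(src)
            dest_dir = verified_dir if verdict == "accept" else quarantine_dir
            rel = os.path.relpath(src, upload_root).replace(os.sep, "__")  # flatten path
            shutil.move(src, os.path.join(dest_dir, rel))
            results[rel] = verdict
    return results

def demo():
    """Constructed sample: a PSD header, an EXE header renamed to .psd, a script."""
    root, ok, bad = (tempfile.mkdtemp() for _ in range(3))
    os.mkdir(os.path.join(root, "alice"))
    samples = {"art.psd": b"8BPS\x00\x01" + b"\x00" * 20,
               "tool.psd": b"MZ\x90\x00" + b"\x00" * 20, "shell.php": b"<?php ?>"}
    for name, data in samples.items():
        with open(os.path.join(root, "alice", name), "wb") as fh:
            fh.write(data)
    return sweep(root, ok, bad)
```

A matching signature only shows that the file starts like the claimed format, so whatever later opens the verified files should still treat them as untrusted input.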
