Results 1 to 5 of 5
Thread: ftp file restriction help
-
06-01-2005, 05:38 PM #1Junior Guru Wannabe
- Join Date
- Jun 2003
- Posts
- 64
ftp file restriction help
I am trying to secure ftp so that I can allow foreign users to upload files within their own directory. For security reasons, I don't want them to be able to upload anything other than two or three files of certain extension (.fla, .psd etc.,).
I am running proftp. I was wondering if such a tweak could be made easily to the server? The idea would be once they upload it via ftp, I'd have a php script that is cronned every 15 or so minutes to check all users folders and move the files to a new directory, if that makes sense, where the it could be verified and processed appropriately. So they wouldn't need many privaleges as ftp users, only the ability to upload and maybe create directories within their own directory.
-
06-01-2005, 07:07 PM #2Web Hosting Guru
- Join Date
- Apr 2005
- Location
- silicon and earthquakes
- Posts
- 258
How about the sweep script deleting the uploaded files that don't have matching extensions? Seems much easier to implement.
-
06-02-2005, 01:49 PM #3Web Hosting Master
- Join Date
- Dec 2003
- Posts
- 742
the problem with a sweep script is that they'd have time in between when the script sweeps to upload scripts and stuff that could potentially be of issue.
-
06-02-2005, 04:22 PM #4WHT Addict
- Join Date
- Jul 2004
- Posts
- 117
You should put in your proftpd.conf file "PathDenyFilter" option.
Good luck.The Best Hosting Company from India
-
06-03-2005, 10:06 AM #5Web Hosting Master
- Join Date
- Dec 2003
- Posts
- 742
that was one thing i had look at a little while ago. my problem with that is, does it really restrict someone from uploading a .exe file?
all it does is a name-based check, so if i renamed a .exe file to .gif, it may fool that method of restriction. I was thinking perhaps if i limit upload to binary files only, plus add this restriction, and disable all services except ftp it may be more secure. Plus, I'd put this project on a seperate box and have the php script that sweeps the server check the filetype, size, and all that stuff. does that sound secure?