Yes, the Frontpage extensions are mostly insecure and have many patches for various problems.
Why don't you create accounts for each of your friends? That way they can login without enabling anonymous access.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 26, 2001 1:42 PM
> To: [EMAIL PROTECTED]
> Subject: FTP Vulnerability via Front Page Extensions?
>
>
> I am running W2kserver and IIS 5.0 with Front Page 2000
> extensions installed. I have (or at least "had") anonymous
> access (READ only) set up for my FTP service until last week
> when I discovered that my rather large hard drive was
> completely full. I did some digging around and checked all of
> my IIS logs in the process. I discovered a ton of hits such
> as the log excerpt pasted in below:
>
> 04:32:36 xxx.xxx.xxx.xxx [3]USER anonymous 331
> 04:32:36 xxx.xxx.xxx.xxx [3]PASS [EMAIL PROTECTED] 230
> 04:38:22 xxx.xxx.xxx.xxx [3]sent
> /_vti_pvt/tag/com/test/tagged/and/upped/by/solfe/4/all+french+
> team/DivX/10.18.01.The.Animal.FRENCH.DVDiVX-SEQ/ta-seq.r36
> 226 04:46:10 xxx.xxx.xxx.xxx [3]sent
> /_vti_pvt/tag/com/test/tagged/and/upped/by/solfe/4/all+french+
> team/DivX/10.18.01.The.Animal.FRENCH.DVDiVX-SEQ/ta-seq.r37
> 226 04:54:02 xxx.xxx.xxx.xxx [3]sent
> /_vti_pvt/tag/com/test/tagged/and/upped/by/solfe/4/all+french+
> team/DivX/10.18.01.The.Animal.FRENCH.DVDiVX-SEQ/ta-seq.r38
> 226 05:01:43 xxx.xxx.xxx.xxx [3]sent
> /_vti_pvt/tag/com/test/tagged/and/upped/by/solfe/4/all+french+
> team/DivX/10.18.01.The.Animal.FRENCH.DVDiVX-SEQ/ta-seq.r39
> 226 05:08:59 xxx.xxx.xxx.xxx [3]sent
> /_vti_pvt/tag/com/test/tagged/and/upped/by/solfe/4/all+french+
> team/DivX/10.18.01.The.Animal.FRENCH.DVDiVX-SEQ/ta-seq.r40 226
>
> If you will notice the "/_vti_pvt" folder, this was the case
> every time this site was hacked into. According to my logs,
> this took place over the course of about two weeks and was
> hit from several different IP Addresses. The "/_vti_pvt"
> folder is a Front Page Extensions folder and it is my guess
> that this is a vulnerability that has something to do with
> Front Page permissions coupled with IIS 5.0 FTP service.
> Since then, I have deleted all of the sub folders under the
> "/_vti_pvt" folder and removed anonymous access and removed
> the anonymous user account completely from the file system
> permissions as well. I have also set the FTP service to
> manual and limited simultaneous FTP connections to one, which
> will allow me to remotely start the FTP service and then
> connect and have me be the only allowed connection during my
> session. I have had no such hits since I made these changes.
>
> A colleague of mine had the same exact issue with his home
> server, but under a different alias. Does anyone know of such
> a vulnerability? I would like to be able to allow anonymous
> access to my server because it allows me to do a lot of
> favors for friends and relatives.
>
> Take care.. happy holidays and thanks in advance,
> Rob Edmiston
>
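
An added example, not part of either message: a log check that flags anonymous FTP sessions transferring files under `/_vti_pvt/`, the pattern visible in the quoted excerpt. The sample lines, IP addresses and paths are constructed, each entry is assumed to sit on one line, and the `created` verb for uploads is an assumption (the excerpt shows only `sent`).

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of the quoted excerpt
# (time, client IP, [session]verb argument status); not real log data.
SAMPLE_LOG = """\
04:32:36 192.0.2.10 [3]USER anonymous 331
04:32:36 192.0.2.10 [3]PASS guest@example.invalid 230
04:38:22 192.0.2.10 [3]sent /_vti_pvt/tag/example/file.r36 226
04:46:10 192.0.2.10 [3]sent /_vti_pvt/tag/example/file.r37 226
05:10:02 198.51.100.7 [4]USER rob 331
05:10:03 198.51.100.7 [4]PASS - 230
05:11:40 198.51.100.7 [4]sent /pub/photos/family.zip 226
"""

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<ip>\S+)\s+\[(?P<sid>\d+)\]"
    r"(?P<verb>\S+)\s+(?P<arg>.*?)\s+(?P<status>\d{3})$"
)

def find_anonymous_vti_transfers(log_text, watched_prefix="/_vti_pvt/"):
    """Return {(ip, session): [paths]} for anonymous sessions that
    transferred files under watched_prefix."""
    anonymous = set()          # (ip, session) pairs logged in as anonymous
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue           # skip headers and lines in another shape
        key = (m["ip"], m["sid"])
        verb, arg = m["verb"].upper(), m["arg"]
        if verb == "USER":
            # A new USER command replaces the session's identity.
            if arg.lower() == "anonymous":
                anonymous.add(key)
            else:
                anonymous.discard(key)
        elif verb in ("SENT", "CREATED") and key in anonymous:
            # "CREATED" (upload) is an assumed verb, see the lead-in.
            if arg.lower().startswith(watched_prefix):
                hits[key].append(arg)
    return dict(hits)

if __name__ == "__main__":
    for (ip, sid), paths in find_anonymous_vti_transfers(SAMPLE_LOG).items():
        print(f"{ip} session {sid}: {len(paths)} transfer(s) under /_vti_pvt/")
```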
