[Zope] Limiting anon FTP access with Zope

Jim Nicholson dongle@home.com
Sun, 2 Dec 2001 12:59:09 -0500


I'm re-posting this, as my original post did not have a subject, and I 
have some things to add:

I run Zope's FTP listener on the standard FTP port (port 21) on my 
Linux servers. I need it there because some of the authors for my site 
are behind packet-filter firewalls that only allow their outbound FTP 
traffic to target servers on the standard port.

It works well, except that I'm getting occasionally hammered by FTP 
scanners that connect as anonymous and start CWD'ing to various 
directories (/cgi-bin, /home, /etc, etc.) looking for security holes. 
There's no security problem, because those locations don't exist, and 
anyway Zope denies access to them by anonymous. But it does busy my 
system a bit, especially when I get three or four anonymous connections 
all looping through 100+ possible directories with CWD.

Is it possible to disable anonymous connections to the Zope FTP 
listener entirely? Just refuse the connections? I still might get 
DOSed, but it's less likely than having them actually connect.

I've tried setting anon_limit (in ZServer/FTPServer.py) to 0, but it 
still allows anonymous connections. Any hints?


- Jim