[Zope] (no subject)
Jim Nicholson
dongle@home.com
Thu, 29 Nov 2001 12:27:54 -0500
I run Zope's FTP listener on the standard FTP port (port 21) on my
Linux servers. I need it there because some of the authors for my site
are behind packet-filter firewalls that only allow their outbound FTP
traffic to target servers on the standard port.
It works well, except that I'm getting occasionally hammered by FTP
scanners that connect as anonymous and start CWD'ing to varous
directories (/cgi-bin, /home, /etc, etc.) looking for security holes.
There's no security problem, because those locations don't exist, and
anyway Zope denies access to them by anonymous. But it does busy my
system a bit, especially when I get three or four anonymous connections
all looping through 100+ possible directories with CWD.
Is it possible to disable anonymous connections to the Zope FTP
listener entirely? Just refuse the connections? I still might get
DOSed, but it's less likely then having them actually connect.
- Jim