ProFTPD is a powerful, configurable open source FTP server; the trailing "d" in the name stands for daemon, as background services are called on Linux. ProFTPD is very similar to Apache, so it is easy to configure and manage. MySQL and quota modules are also available, and combining them makes it possible to manage non-system accounts and limit each user's disk usage. Here, we show you how to build a secure ProFTPD server.
1. The security risks faced by ProFTPD services
The security risks faced by ProFTPD services include buffer overflow attacks, data sniffing and anonymous access defects.
1. Buffer Overflow Attacks
Buffer overflows have been a problem in computer systems for a long time. The most famous case is the Morris worm, which exploited buffer overflow vulnerabilities in November 1988. Even though the danger is well known, buffer overflows remain an important means of intrusion.
The concept of a buffer overflow: it is like trying to load a hundred kilograms of goods into a container that can only hold 12 kilograms. The buffer overflow vulnerability is a problem that has plagued security experts for more than 30 years. Simply put, it is a memory error in software caused by a programming mistake. With such a memory error, a hacker can run a piece of malicious code to disrupt the normal operation of the system and even gain control of the entire system.
2. Data Sniffing
FTP is a traditional network service that is inherently insecure. Because passwords and data are sent over the network in plaintext, it is very easy for people with ulterior motives to intercept them. The way these services verify identity is also a weakness: they are very vulnerable to "man-in-the-middle" attacks.
In a so-called "man-in-the-middle" attack, the attacker pretends to be the real server and receives the data meant for the server, and then passes the data on to the real server, pretending to be the client. Once the "man in the middle" has tampered with the data in transit between the client and the server, very serious problems can follow. These passwords can also be obtained by brute force. In addition, by using a sniffer program to monitor network packets and capture the session information from the start of an FTP session, it is easy to intercept the root password.
3. Anonymous access flaws
Anonymous access is widely supported by FTP services, but anonymous FTP involves no real authentication, so it easily provides an access channel for intruders; combined with a buffer overflow attack, this can lead to very serious consequences.
4. Denial of service attacks
Denial of service is a low-tech but effective attack: the attacked server or network device is unable to provide service for a long time. Because of inherent flaws in some network communication protocols, it is also difficult to come up with an effective solution. To defend against denial of service attacks, we need to deploy a defense strategy from a global perspective and link multiple policies together, so that the impact of such attacks is minimized.
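As an added example (not part of the original article and not ProFTPD's own code), the following Python sketch checks a proftpd.conf for settings tied to three of the risks above: plaintext transfer, anonymous access and denial of service. The sample configuration is constructed, and contexts such as <VirtualHost> are flattened into one list as a simplifying assumption.

```python
# Added example: audit a proftpd.conf for the sniffing, anonymous-access and DoS risks.
# Simplification (assumption): directives are read as one flat list; <VirtualHost>,
# <Global> and <IfModule> contexts are not evaluated separately.
import re

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
ServerName "Example FTP"
ServerType standalone
# TLSEngine on
<Anonymous ~ftp>
  User ftp
  Group ftp
</Anonymous>
MaxClientsPerHost 5
"""

def parse(conf_text):
    """Return ({directive: [values]}, [opened section names]), names lower-cased."""
    directives, sections = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("<"):
            m = re.match(r"<([A-Za-z]+)", line)  # closing tags such as </Anonymous> do not match
            if m:
                sections.append(m.group(1).lower())
            continue
        parts = line.split(None, 1)
        directives.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return directives, sections

def audit(conf_text):
    """Return a list of (risk, message) findings for the given configuration text."""
    d, sections = parse(conf_text)
    last = lambda name: d.get(name, [""])[-1].lower()  # last occurrence wins in this flat model
    findings = []
    if last("tlsengine") != "on":
        findings.append(("sniffing", "TLSEngine is not on: passwords and data travel in plaintext"))
    elif last("tlsrequired") != "on":
        findings.append(("sniffing", "TLSRequired is not on: clients may still log in without TLS"))
    if "anonymous" in sections:
        findings.append(("anonymous", "<Anonymous> section present: access without real authentication"))
    if last("rootlogin") == "on":
        findings.append(("sniffing", "RootLogin on: root can log in over FTP, exposing the root password"))
    for name in ("MaxInstances", "MaxClientsPerHost"):
        if name.lower() not in d:
            findings.append(("dos", name + " is not set: no limit on this resource"))
    return findings

if __name__ == "__main__":
    for risk, message in audit(SAMPLE_CONF):
        print(risk + ": " + message)
```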
ProFTPD was developed to address the weaknesses of WU-FTP. In addition to fixing the security weaknesses, it offers many features, such as running in stand-alone or xinetd mode. Ordinary users generally do not need this knowledge, but users who do need it should learn it quickly.