Skip to content disloops

I've had ftp.disloops.com running for about ten years. It's an FTP host that's configured to allow anonymous connections and uploads. This creates some security risks that I wrote about when I deployed it. A previous article explored some of those risks in depth.

I recently wanted to extract all the username/password combinations I'd seen since deploying the server. Only two usernames are accepted by anonymous VSFTPD servers: Anonymous and FTP. Clients using these usernames receive a prompt for an arbitrary password. Sessions initiated with any other username are immediately ended.

To extract the authentication data, I created a script that accepts a VSFTPD log file as input. It pulls all username/password combinations from the file and exports them as text or CSV.

The script can be downloaded here: https://github.com/disloops/vsftpd_parse
You can see sample output from my own server here: results.txt

Note that the script is currently designed for a server that only allows anonymous connections. This VSFTPD configuration results in a specific log format since passwords are not accepted for non-anonymous usernames. The script could easily be modified to handle non-anonymous logins instead.

I've had ftp.disloops.com running since December of last year. It's an FTP host that's configured to allow anonymous connections and uploads. This creates some security risks that I wrote about when I deployed it. See the original article here.

I wanted to report back on what I've seen since deploying it. Congrats to 188.162.248.28 for being the first one to try to log in as admin.

Malicious Uploads

The first attempt to upload a file came from 14.99.43.70:

...continue reading "Notes on Anonymous FTP"

1

I wanted to create an FTP server to share some of the media that I've saved over the years. I like the old protocols and services and I plan to stand up more of them. Because each service has its own inherent security issues, the deployment process becomes an exercise in mitigating the risks. Check it out at ftp.disloops.com

I used an Ubuntu Server 14.04 LTS instance for the FTP server and gave it an AWS Elastic IP (EIP). An entry must be added to the /etc/hosts file when deploying Ubuntu instances in AWS:

127.0.0.1  (hostname here)

Without specifying the hostname, using sudo creates an error message. Next I ran updates and changed SSH to a non-default port, then installed VSFTPD and backed up the config file:

sudo apt-get update
sudo apt-get dist-upgrade
sudo vi /etc/ssh/sshd_config
sudo apt-get install vsftpd
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.old

...continue reading "Hosting Anonymous FTP"