Mark Wilkinson wrote:
Hi David.
Redhat comes with wu-ftpd which is notoriously insecure and not particularly good.
yes redhat does come with wu-ftp, it has been insecure in the past.. but so have a lot of things (sendmail/apache/bind)... it seems stable(ish) now ;)..
I'd recommend uninstalling it (rpm -e wu-ftpd) and installing proftpd which is much better and less of a security risk.
yup, I'd go with that, proftpd is 'better' in my view (easier to configure etc...) although I would not like to say wether it is less of a security risk...
Have got the tarball if you need it. We recently had one of our boxes hacked via a wu-ftpd "site" exploit and it meant a trip down to telehouse with disks in hand for a full rebuild of the machine. Not recommended!
did you keep the machine upto date with the security patches ;)..
Neill
FWIW.
Mark.