One Anonymous FTP account question

Discussion in 'General' started by Corrupter, Sep 18, 2008.

  1. Corrupter

    Corrupter New Member

    i realize that when the server has only one physical IP for its websites that it can only have one anonymous FTP account but my question is just requiring a bit of clarity on this.

    I did some testing just to better understand whats happening behind the scenes and it seems that i have 1 client, 2 sites. each site is checked to have an anonymous ftp account ( i understand only one of them actually will as they are both hosted on the same IP address ) but am i correct in saying that if i had another IP address available for the second site that it would receive its own ftp folder for anonymous connections?

    lastly i realize that those 2 previously mentioned sites share (technically) one IP address and thus, share an anonymous FTP account however only one of the websites actually houses the ftp folder in this case, web1. web2 doesnt contain an ftp folder. So if that is true ( which for my purposes is fine ) if the owner of web1 told his client to login anon would be taking to web1/ftp and web2, if he told his client to login anon would also be taken to web1/ftp . now this does pose a bit of a security issue but like i said its fine for me. I again just need to be clear that this is whats happening and i hope that in the future versions of ISPConfig that anonymous connections to websites once that one available anon connection is filled wont be allowed to the other websites.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This has nothing to do with ISPConfig. For anonymous FTP, you need a separate IP address for every anonymous FTP account. If you have that, every separate account has its own folder. As you dont have separate IP's, they dont have separate folders of course as anonymous FTP is based on IP's and it does not matter at all which domain is used to connect, this is part of the FTP protocol specification.
  3. Corrupter

    Corrupter New Member

    well i understand that i suppose, only makes common sense.

    However is there any way to prevent additional anonymous users attempting to access from other domain names access?

    You can see how this might be a bit of a security issue if web2 needs anonymous ftp but web1 doesnt, but someone in the community for web1 is shady and wishing to flood the server with useless junk so he attempts to access via ftp anonymously only to find it works.

    Furthermore i would imagine that since web2 has anonymous ftp and web1 doesnt if this were to happen the anonymous user wouldnt be actually flooding the web-free-space for web1 but actually web2 so this would degrade web2's service instead of web1.

    I hope that makes sense, any thoughts?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Domains are absolutely irrelevant for anonymous FTP. If you want to prevent access from another domain, make sure that no other domain points to this IP.
  5. Corrupter

    Corrupter New Member

    lol, thank you for pointing that out, im sorry for asking such an obvious question =).

    Thank you for being a good sport and answering my question.

    Furthermore, it would be nice however if ISPConfig did give you some heads up when you check anonymous ftp for another site when one is already set, so you can make those changes, otherwise it may not occur to you like it did me and a potential security issue would be looming.

    Lastly, either in the documentation or somewhere in the GUI (since im making suggestions for future versions) it might not be a bad idea that under server settings or somewhere like that, maybe even its own tab called master server configurations you can make links to the template confs in the /root/ispconfig/isp/confs folder as its useful to make adjustments to copies of those moved into the customized folder, would just be useful if they were more commonly known or announced of their existence and what they do to the end user.

    THANK YOU so much for this product and your selfless service, i really do appreciate you taking the time to answer my silly questions =P

Share This Page