DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

#1 2007-02-05 01:41:17

Ethereal_Dragon
Member
From: USA
Registered: 2007-02-05
Posts: 55

Disabling anonymous FTP browsing

Hello All. I have a DNS-323 that has been up and running since the beginning of last month, hasn't restarted or crashed yet (knock on wood). I am running two Seagate 7200.10 ST3500630AS  500 Gig drives in a RAID1 array.

I have browsed this forum, and alot of this stuff seems over my head as far as installing telnet this, modifying linux that...

My problem is that (sent ticket to D-Link support too) is with the FTP. I have 2 accounts set up. 1 with read only access to a folder, "FTP", off of ROOT, and the other with read/write access to root. The logins work perfect, wether it is through command prompt, or ftp://<login>:<password>@<ftpserveripaddress>:<port>. The problem I noticed is that the DNS-323 grats read access to ROOT for anonymous users. I am told by someone I work with that the DNS likely uses an Apache web server (again, somthing I am not too familiar with) as it's default allows listing by anonymous users. Is there a workaround to force users with browsers to login, and deny access to anonymous??

Thanks everyone.


Gaming Rig: ASUS Z87-PRO (V EDITION), Intel Core i5-4590 Haswell, HyperX FURY 8GB DDR3 1866,
XFX Radeon HD 4870, SILVERSTONE DA700, Samsung 840 500Gig SSD MZ-7TD500BW, 3x WD20EARS 2 TB Green,
ASUS DRW-2014L1T (DVD), LG WH14NS40 (Blu Ray), Dell 2709W, Sony SDM-HS95P, Windows 10 Pro
The NAS Box: D-Link DNS-323, 0.1RC3 Alt-F firmware, 2x 7200.14 ST3000DM001 3TB EXT4 - NO RAID - 6 TB

Offline

 

#2 2007-02-05 08:30:19

Apskaft
Member
From: Karlskrona, Sweden
Registered: 2007-01-09
Posts: 165

Re: Disabling anonymous FTP browsing

First of all, the ftp server used is the WU-FTPd and not Apache. You can do a lot with the WU-FTPd, but you need to have access to the systemfiles (i.e. Telnet access). A cannot guide you but all information is available in the manpages for WU-FTPd. And; the systemfiles for WU-FTPd are loctated in the /etc directory.

Maybe there are ways to do this already in the WEB GUI and I think that you've done the right thing issuing a ticket to D-Link.

/Apan

Offline

 

#3 2007-02-05 21:11:49

Ethereal_Dragon
Member
From: USA
Registered: 2007-02-05
Posts: 55

Re: Disabling anonymous FTP browsing

Thanks for the reply... I was going to ask for details on how to gain telnet access to the box, but I poked around, and found the wiki for the DSM-G600 and will try that once I get home from work. Great forum too, first one I have seen so far dedicated to DNS-323.


Gaming Rig: ASUS Z87-PRO (V EDITION), Intel Core i5-4590 Haswell, HyperX FURY 8GB DDR3 1866,
XFX Radeon HD 4870, SILVERSTONE DA700, Samsung 840 500Gig SSD MZ-7TD500BW, 3x WD20EARS 2 TB Green,
ASUS DRW-2014L1T (DVD), LG WH14NS40 (Blu Ray), Dell 2709W, Sony SDM-HS95P, Windows 10 Pro
The NAS Box: D-Link DNS-323, 0.1RC3 Alt-F firmware, 2x 7200.14 ST3000DM001 3TB EXT4 - NO RAID - 6 TB

Offline

 

#4 2007-02-07 17:21:51

Ethereal_Dragon
Member
From: USA
Registered: 2007-02-05
Posts: 55

Re: Disabling anonymous FTP browsing

I just wanted to note that in Firmware 1.02b D-Link has CORRECTED this anonymous user getting read access to root. I confirmed this through the web brower & command prompt.


Gaming Rig: ASUS Z87-PRO (V EDITION), Intel Core i5-4590 Haswell, HyperX FURY 8GB DDR3 1866,
XFX Radeon HD 4870, SILVERSTONE DA700, Samsung 840 500Gig SSD MZ-7TD500BW, 3x WD20EARS 2 TB Green,
ASUS DRW-2014L1T (DVD), LG WH14NS40 (Blu Ray), Dell 2709W, Sony SDM-HS95P, Windows 10 Pro
The NAS Box: D-Link DNS-323, 0.1RC3 Alt-F firmware, 2x 7200.14 ST3000DM001 3TB EXT4 - NO RAID - 6 TB

Offline

 

#5 2007-02-09 21:43:36

Ethereal_Dragon
Member
From: USA
Registered: 2007-02-05
Posts: 55

Re: Disabling anonymous FTP browsing

Just another question.... Does this WU-FTPd support FTP logging? Looking to see if it is possible to have user names logged, login/out times, and files sent or taken logged if possible.


Gaming Rig: ASUS Z87-PRO (V EDITION), Intel Core i5-4590 Haswell, HyperX FURY 8GB DDR3 1866,
XFX Radeon HD 4870, SILVERSTONE DA700, Samsung 840 500Gig SSD MZ-7TD500BW, 3x WD20EARS 2 TB Green,
ASUS DRW-2014L1T (DVD), LG WH14NS40 (Blu Ray), Dell 2709W, Sony SDM-HS95P, Windows 10 Pro
The NAS Box: D-Link DNS-323, 0.1RC3 Alt-F firmware, 2x 7200.14 ST3000DM001 3TB EXT4 - NO RAID - 6 TB

Offline

 

#6 2007-02-17 00:45:56

Ethereal_Dragon
Member
From: USA
Registered: 2007-02-05
Posts: 55

Re: Disabling anonymous FTP browsing

Ok, not too sure WHAT is up, but somone pointed out in another thread that the anonymous browsing is working again... I just confirmed this through browser & command prompt, no FLIPPIN CLUE how it would have all of a sudden changed with no firmware updates between now and when I moved to 1.02b.....


Gaming Rig: ASUS Z87-PRO (V EDITION), Intel Core i5-4590 Haswell, HyperX FURY 8GB DDR3 1866,
XFX Radeon HD 4870, SILVERSTONE DA700, Samsung 840 500Gig SSD MZ-7TD500BW, 3x WD20EARS 2 TB Green,
ASUS DRW-2014L1T (DVD), LG WH14NS40 (Blu Ray), Dell 2709W, Sony SDM-HS95P, Windows 10 Pro
The NAS Box: D-Link DNS-323, 0.1RC3 Alt-F firmware, 2x 7200.14 ST3000DM001 3TB EXT4 - NO RAID - 6 TB

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB