Recovering from Anonymous FTP Abuse


Ben Dyer


Anonymous FTP is never a good idea anymore because it leaves you open to abuse from people who like nothing more than free sharing for their movies, MP3s or pr0n. The best step you can take to avoid abuse, of course, is to never let it happen. However, perhaps you inherited a project on a poorly-configured server, or there is a neglected server that you aren't yet using, or you just didn't know to turn off Anonymous FTP in the first place (IIS leaves it on by default). This article will show you how to solve the problem.

Note: This tutorial assumes that the victim machine is running IIS.

Stop the Bleeding

The first step, of course, is to turn off Anonymous FTP immediately. In Internet Services Manager in IIS, right-click on your affected FTP server, click the "Security Accounts" tab and uncheck "Allow Anonymous Connections". After this is accomplished, restart the FTP services to kick any current connections.

Wash Area With Soap and Water

Those who abuse Anonymous FTP on WinNT/2K boxes have learned lots of irritating little tricks to prevent you from being able to remove the contents they upload. Sometimes they will use characters that are perfectly legitimate to the NTFS file system and/or on Unix-based systems, but that Windows will choke on (Carriage Returns, Tabs, Backspaces, Slashes, Semicolons, Colons, etc.). This way, when Windows goes to delete the file, it insists that it can't because it doesn't understand the file name. Sometimes even trying to open the directory in Windows Explorer will hang the machine.

Another trick is to create directories named after words that are reserved in the Windows file system: AUX, COM, CON, LPT1, LPT2, NUL or PRN, for example. Again, Windows will not permit you to delete these directories because it figures that they are system files and it knows how damaging that would be.

Perform CPR

You can't remove these files directly through Windows. You will need to go through the command prompt to delete files. From the command prompt, go to the affected directories. Now, and here is the trick, use the dir command with the /x switch (dir /x). The /x switch is rarely used, but it produces the 8.3 DOS name for every file and directory name longer than eight characters (like "My Documents" shows up as "MYDOCU~1").

Now that you know the name of the directory that DOS understands, you can delete the directory. I've had so-so success with doing a recursive directory delete (rd /S WHATEVER) as sometimes DOS will trip over the subdirectories. If you cannot recursively delete the entire directory, you will have to manually traverse the entire directory tree and delete the contents manually (which can be very time-consuming, depending on how much junk the abusers put on your server).
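To build a worklist before the command-prompt cleanup, the following added example (not part of the original article) walks an FTP root and flags entries whose names use the tricks described above: reserved device names and control characters. It goes slightly beyond the article by also flagging the other characters and the trailing dots or spaces that Win32 naming rules reject. The function names and sample names are constructed for illustration.

```python
import os
import re

# Win32 reserved device names; they stay reserved with an extension, in any case.
RESERVED = re.compile(r"(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?", re.IGNORECASE)
# Printable characters the Win32 API rejects inside a single name component.
WIN32_INVALID = set('<>:"/\\|?*')


def classify_name(name):
    """Return the reasons Explorer or a plain delete is likely to fail on name."""
    reasons = []
    stripped = name.rstrip(" .")  # Win32 silently drops trailing dots and spaces
    if RESERVED.fullmatch(stripped):
        reasons.append("reserved-device-name")
    if any(ord(ch) < 32 for ch in name):  # CR, tab, backspace, ...
        reasons.append("control-character")
    if any(ch in WIN32_INVALID for ch in name):
        reasons.append("invalid-win32-character")
    if stripped != name:
        reasons.append("trailing-dot-or-space")
    return reasons


def scan(root):
    """Walk root and return (path, reasons) for every entry that needs the
    command-prompt treatment, so nothing is missed during cleanup."""
    findings = []
    for parent, dirs, files in os.walk(root):
        for name in dirs + files:
            reasons = classify_name(name)
            if reasons:
                findings.append((os.path.join(parent, name), reasons))
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from a real incident.
    for sample in ["AUX", "nul.txt", "movies\r", "a:b", "prn. ", "readme.txt"]:
        print(repr(sample), classify_name(sample))
```

Each flagged path is a candidate for the dir /x and rd steps described in this section; anything not flagged can be removed the normal way.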

Call 911

If you need more help, here are a few links you can use that provide more information about the problem and some additional suggestions.

Ben Dyer has been tinkering with computers his entire life (starting with a TI-99 around age 3), and has been doing internet stuff for around six years now. For five years (about two ice ages in internet time), he was Senior Internet Developer for Imaginuity Interactive, an internet development firm in Dallas, Texas, before leaving in March 2003 to co-found ToSon BT, a company that provides creative and technical services (presentations, audio/video, live shows, internet) for churches and ministries.

His personal projects include DFW Anime.com, which keeps track of anime goings-on in the Dallas/Fort Worth Metroplex, and Anime Blog Muyo!, which is a group blog about anime. You can also read all about his nonexistent escapades (or at least find a bunch of stupid links) at his personal blog.

How timely

Submitted by Jeff Howden on January 29, 2002 - 19:52.

Ben,

What great timing. I was just looking over my /ftproot and wondering what I was going to do about a couple of stubborn directories.

Just goes to show you can't totally get away from the command line — even on Windows.

.jeff


Additional...

Submitted by OKolzig37 on February 14, 2002 - 12:13.

I just finished helping another friend with this problem, and I wanted to post a few more things that will be useful pertaining to this article.

First of all, for those who are a little rusty at the command line: changing directories is cd directory, removing directories is rmdir directory and deleting files is del file.ext. If you want to use a command you recently used, hit F3 and use the arrow up and down keys to cycle through recent commands.

Second, if you are still having trouble with files still not removing properly, you can try this command: rmdir /s \\.\c:\0200~1\~\whatever\~\~\aux. Sometimes this does the trick, too. Information on this particular trick can be found in the links that are provided in the article.

And finally, be careful when using Windows Explorer to traverse these directories. Sometimes, without warning, the name of the directory alone can take out the entire machine.


RM works the best

Submitted by DomitianX on February 20, 2002 - 07:28.

RM.exe from the resource kit works the best. I have had to use this tool on several occasions.


About that recursive delete...

Submitted by kenkogler on March 27, 2002 - 18:44.

Quote: "I've had so-so success with doing a recursive directory delete..."

Try using deltree directory. Works wonders.

Just don't ever type deltree windows... *grin*


free renamer utility

Submitted by humbads on March 18, 2005 - 09:09.

I wrote a free program to fix this problem. It just recursively renames all the undeletable files in a folder to names that are deletable. You can get more information and download it from my website at: Delete hacked or undeletable files from ftp


Evolt.org is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author; please do not redistribute or use elsewhere without checking with the author.