Skip to page content or Skip to Accesskey List.


Main Page Content

Recovering From Anonymous Ftp Abuse

Rated 4.03 (Ratings: 9)

Want more?

Picture of OKolzig37

Ben Dyer

Member info

User since: 08 May 2001

Articles written: 4

Anonymous FTP is never a good idea anymore because it leaves you open to abuse from people who like nothing more than free sharing for their movies, MP3s or pr0n. The best step you can take to avoid abuse, of course, is to never let it happen. However, perhaps you inherited a project on a poorly-configured server, or there is a neglected server that you aren't yet using, or you just didn't know to turn off Anonymous FTP in the first place (IIS leaves it on by default). This article will show you how to solve the problem.

Note: This tutorial assumes that the victim machine is running IIS.

Stop the Bleeding

The first step, of course, is to turn off Anonymous FTP immediately. In Internet Services Manager in IIS, right-click on your affected FTP server, click the "Security Accounts" tab and uncheck "Allow Anonymous Connections". After this is accomplished, restart the FTP services to kick any current connections.

Wash Area With Soap and Water

Those who abuse Anonymous FTP on WinNT/2K boxes have learned lots of irritating little tricks to prevent you from being able to remove the contents they upload. Sometimes they will use characters that are perfectly legitimate to the NTFS file system and/or on Unix-based systems, but that Windows will choke on (Carriage Returns, Tabs, Backspaces, Slashes, Semicolons, Colons, etc.). This way, when Windows goes to delete the file, it insists that it can't because it doesn't understand the file name. Sometimes even trying to open the directory in Windows Explorer will hang the machine.

Another trick that is used is to create directories that are reserved words in the Windows file system: AUX, COM, CON, LPT1, LPT2, NUL or PRN, for example. Again, Windows will not permit you to delete these directories because it figures that they are system files and it knows how damaging that would be.

Perform CPR

You can't remove these files directly through Windows. You will need to go through the command prompt to delete files. From the command prompt, go to the affected directories. Now, and here is the trick, use the dir command with the /x switch (dir /x). The /x switch is rarely used, but it produces the 8.3 DOS name for every file and directory name longer than eight characters (like "My Documents" shows up as "MYDOCU~1").

Now that you know the name of the directory that DOS understands, you can delete the directory. I've had so-so success with doing a recursive directory delete (rd /S WHATEVER) as sometimes DOS will trip over the subdirectories. If you cannot recursively delete the entire directory, you will have to manually traverse the entire directory tree and delete the contents manually (which can be very time-consuming, depending on how much junk the abusers put on your server).

Call 911

If you need more help, here are a few links you can use that provide more information about the problem and some additional suggestions.

Ben Dyer has been tinkering with computers his entire life (starting with a TI-99 around age 3), and has been doing internet stuff for around six years now. For five years (about two ice ages in internet time), he was Senior Internet Developer for Imaginuity Interactive, an internet development firm in Dallas, Texas, before leaving in March 2003 to co-found ToSon BT, a company that provides creative and technical services (presentations, audio/video, live shows, internet) for churches and ministries.

His personal projects include DFW, which keeps track of anime goings-on in the Dallas/Fort Worth Metroplex and Anime Blog Muyo! which is a group blog about anime. You can also read all about his nonexistant escapades (or at least find a bunch of stupid links) at his personal blog.

The access keys for this page are: ALT (Control on a Mac) plus: is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author, please do not redistribute or use elsewhere without checking with the author.