Howdy,

        Recently while browsing through security logs I noticed that quite a few of the hosts
connecting to the machine did not resolve, I've checked into it, and apparently ProFTPd does
not check forward to reverse DNS mappings, and only resolves the IP address connecting. This
could easily lead to an attacker hiding his real hostname from logfiles, or an attacker
slipping through ACL's by modifying their hostname. For the time being I recommend that the
option 'UseReverseDNS' be disabled in the configuration file until this is fixed.

Unfortunately I was not able to contact anyone to discuss this, as www.proftpd.org has been
down for the past 4-5 days that I've tried it, the version tested was 1.2.2rc2.

                                Matthew S. Hallacy

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]