NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
FTP bug? - can anonymous FTP when user mode selected
Hi,
I hope I am overlooking something here but I don't think so....
ReadyNas NV+ RAIDiator 4.1.8
I have FTP set for "Authentication: USER" (Standard File Protocols - FTP) but I can authenticate as anonymous FTP (see below).
I have stopped and restarted the FTP Service and rebooted the device.
Can anyone else replicate this?
C:\windows\system32>ftp nas2
Connected to nas2.
220 ProFTPD 1.3.3c Server (NETGEAR ReadyNAS) [XX.XX.XX.XX]
User (nas2:(none)): anonymous
331 Anonymous login ok, send your complete email address as your password
Password:
230 Anonymous access granted, restrictions apply
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
PUBLIC
226 Transfer complete
ftp: 8 bytes received in 0.00Seconds 2.00Kbytes/sec.
ftp>
Thanks
Andrew
I hope I am overlooking something here but I don't think so....
ReadyNas NV+ RAIDiator 4.1.8
I have FTP set for "Authentication: USER" (Standard File Protocols - FTP) but I can authenticate as anonymous FTP (see below).
I have stopped and restarted the FTP Service and rebooted the device.
Can anyone else replicate this?
C:\windows\system32>ftp nas2
Connected to nas2.
220 ProFTPD 1.3.3c Server (NETGEAR ReadyNAS) [XX.XX.XX.XX]
User (nas2:(none)): anonymous
331 Anonymous login ok, send your complete email address as your password
Password:
230 Anonymous access granted, restrictions apply
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
PUBLIC
226 Transfer complete
ftp: 8 bytes received in 0.00Seconds 2.00Kbytes/sec.
ftp>
Thanks
Andrew
8 Replies
Replies have been turned off for this discussion
- anyone?
- I get the following when I try this with my duo (also running 4.1.8). This is using filezilla
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.3c Server (NETGEAR ReadyNAS) [192.168.1.10]
Command: USER anonymous
Response: 331 Password required for anonymous
Command: PASS **************
Response: 530 Login incorrect.
Error: Critical error
Error: Could not connect to server - Try switching to Anonymous mode, saving, then switching back to User mode. This should reset to config files.
- Hi,
Done that a few times.
When I have time I'll enable SSH and see what's going on.
I will also test on another nv+ next week.
Ta - Feel free to send me a config backup if you'd like me to take a look. You can use the instructions for sending logs in my sig.
- I sent the logs a while ago. But have also since enabled SSH and had a look at what is happening.
When Anonymous is selected the following is in the proftpd.conf
Include /etc/frontview/proftpd/ftps.conf
Include /etc/frontview/proftpd/Anonymous.conf
Include /etc/frontview/proftpd/User.conf
When user is selected it changes to the following
Include /etc/frontview/proftpd/ftps.conf
Include /etc/frontview/proftpd/Anonymous.conf
So instead of replacing the "Anonymous" line with "users" is seems to just be adding and removing the "users" line, thus the the Anomyous config still applies.
Anyway I have fixed it manually. Lets hope it is not happening to anyone else with a NAS attached to the internet. - DUP... Typed that the wrong way around
When Users is selected the following is in the proftpd.conf
Include /etc/frontview/proftpd/ftps.conf
Include /etc/frontview/proftpd/Anonymous.conf
Include /etc/frontview/proftpd/User.conf
When Anonymous is selected it changes to the following
Include /etc/frontview/proftpd/ftps.conf
Include /etc/frontview/proftpd/Anonymous.conf - Sorry for the late reply, but yes, it should be either User.conf or Anonymous.conf if you're in User security mode.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
