ftp Server@home



Stumped Badly
03-01-2003, 11:37 PM
As a bit of a project I want to set up an ftp server at home.
I want to allow users to connect to it from the internet to upload & download files.
I have 1/2 dozen machines at home I could use ranging from 233 with 64Mb of ram up to a 1GHz Athlon & a 1200MHz Duron with heaps of ram.
I want to use either Red Hat 7.3 or Red Hat 8 or Mandrake 9.0 with Apache 2.0 on a 56k modem (I know it will be relatively slow & Jetstream will be used when I can get access).

My questions are:
I have 2 ISPs, xtra & quicksilver.
Is there anything legally stopping me doing this?
Are there any decent tutorials covering what I want to do?
Is there any way the ISPs can govern what material I host? (No porn if that's what you're thinking)
Does anyone else do this & if so can you advise me of any pitfalls I may encounter?
What size machine would be suitable?
Should I use a separate machine as a firewall/proxy?

Thanks in advance
SB

TazzieNZ
03-01-2003, 11:59 PM
Depends what sort of account you are using ... 99% of ISPs have it in their Terms that you cannot use your account to run a server ... grounds to kick you ...

also set your port for it to a high range number as ISPs do watch traffic on 21 and 80 to see who is running servers ...

also if you are running an FTP keep an eagle eye for people hacking it for more dubious purposes .............

anyway I use this programme on my 2K server "BulletProofFTPServer2"

after you have installed it follow these instructions:


1. Open up the program.
2. To add users, go to Setup > User Accounts
3. In the far right window (titled "User Accounts"), right-click > Add
4. Type in a user name
5. User will be created. Then, in the middle of the window at the bottom, there will be the new user name, along with a random password already generated. Change the password to whatever you want.
6. To make this user have access to directories or folders in your FTP, in the middle-top window, right-click > Add
7. Select the folder/directory you want viewable to the user.
8. Once added, click the new folder line it added there, and along that there will be a bunch of things to check off. Check off ALL except the two "Delete"s
9. Repeat any of the above to add additional users/directories.
10. To do additional tweaking for that user account, use the section along the left. Defaults are good, but if you're not crappy at this, you can change a few things.
11. Under Misc: you can change the Timeout. Also, check off "Show Relative Path" - this will make your FTP directory look like this: /
and when someone opens up a subdirectory, it'll look like this: /WhateverTheFolderName
Why bother? Looks nicer (rather than C:\Windows\Documents and Settings\Someother Crap\)
12. That should be all you should have to change.
13. To change overall Server settings, like the Name of it, go to: Setup > Main > General

Stumped Badly
04-01-2003, 12:16 AM
Thanks for the info Tazzie.
For various reasons I really want to use a Linux/Apache combination.

If 99% of ISP's won't let you run a server, what do large businesses & academic institutions use?

Cheers
SB

Gorela
04-01-2003, 12:28 AM
Hi Stumped,
Generally FTP is for file downloads only. As you are allowing anyone to access your machine there are big security problems. With this in mind it is a very good idea to run behind a firewall. If you set up a firewall machine running say Smoothwall this allows you to separate the FTP Server from the rest of your network as Smoothwall gives you the option of having green (ie personal network) and orange (the FTP or web server) segments that get separated.

The linux version is entirely a personal decision, but if you go for Redhat use 8.0 rather than 7.3 as last time I loaded 7.3 there were at least 200meg of security updates and a server MUST be running ALL the latest patches.

Check out FAQ80 for the links to the help files and read up on how to set Apache and the FTP server in a "jail or gaol" as this reduces the risk of being hacked by moving these items into a user other than root.

You also need to organise a manual partition set-up so that the root partition is entirely separate. Mandrake 9 seems to have a reasonable partition set-up if you tell the wizard that it is for a server while Redhat appears to merely have a / partition.

Hope that this helps, but be warned that Smoothwall requires less than 1 gig and will use the PC solely for itself.

-=JM=-
04-01-2003, 12:31 AM
I think you'll find that on dial-up they won't mind so much.

Also on JetStart they don't mind too much either, if it's just for personal reasons. If you weren't allowed servers you couldn't even use XP's remote access thing.

Stumped Badly
04-01-2003, 12:54 AM
Thanks guys.

I was going to use IPCOP for the firewall on a separate machine as I want the whole setup to run on Linux as much as possible.
I know using Windows/apps would make life easier but I want it to be as hard as possible if that makes sense.
I want to have to manually configure everything, so I learn as much as possible & know what is going on behind the scenes rather than do the click & setup scenario & not have a clue what is happening or why.

The whole idea of the project is to learn as much as possible & once I have done that I will probably repeat the exercise & create another couple of servers using wysiwyg proggys.
I've just spent the last hour scouring xtra's site looking for info but can't find any.
Heading over to quicksilver now to see if they have any problem with it.

Thanks for your comments, the more advice I can get the easier my project will be.
Cheers
SB

Gorela
04-01-2003, 01:15 AM
SB,

I would be very interested in knowing what IPCOP is like as far as ease of installation and apparent performance. I have been running Smoothwall GPL for over 12 months now and it seems to be pretty good.

They have just released the latest ISO which brings it up to version 1.0 and there is also a beta of version 2.0 which I am hoping to play with as soon as I sort myself out.

If you really want to have some fun on the firewalling front you can check out LRP/Matterhorn which are various floppy based router/firewalls..........

Anyway keep us posted!

TazzieNZ
04-01-2003, 08:49 AM
> I think you'll find that on dial-up they won't mind
> so much.
>
> Also on JetStart they don't mind too much either, if
> it's just for personal reasons. If you weren't
> allowed servers you couldn't even use XPs remote
> access thing.

They tend to get "raggy" about it for any purpose as a large proportion of private FTPs tend to get hacked and then they end up in disputes with customers over data flow .... when I was with xtra they discovered I was running an FTP and I was given a warning to close it or my account would be closed, and I was using it purely to access files between home and Massey.

As for commercial accounts that is another story again as the customers are paying substantial amounts for their services, but then a large proportion of businesses are switching over to VPNs for employee access.

quote from xtra TOC for jetstream starter:

"not run servers, use Static IP addresses or provide any public information service from a computer connected via this plan (or allow your account to be used for these purposes or in this manner);"

Stumped Badly
04-01-2003, 03:21 PM
Thanks Tazzie.
So as a student doing his best to learn about this sort of stuff in real world situations, how does one go about it?
I want to set up servers & then get selected "hackers" to do just that "HACK IT"
How else am I going to learn?
All very well reading all the info, passing various tests etc. but "real time experience" is what counts at the end of the day surely.
Cheers
SB

Graham L
04-01-2003, 03:29 PM
Why not have a LAN? Put Linux on one machine, and run Apache, ftpd, telnetd, Samba, etc, on it. You don't need a huge machine for that ... a 486DX2 will do it.

Then hit it from your other machines. It doesn't need to be accessible to the world. Apart from anything else, that keeps your mistakes secret. :D
When you are confident that it works properly, plug its modem into a phone line, and let your friends dial in.

ISPs will sell you a fixed IP address and let you pay to run a server. But when Telecom find out, they'll want you to pay for a business line too. :D

Stumped Badly
04-01-2003, 03:37 PM
Thanks Graham,
I already have a LAN partially set up running Samba, Apache etc but wanted to open it up to the net for the reasons above.
I really want a whole heap of different users to be able to access it from anywhere & pick it full of holes, so I can learn as many pitfalls as possible.
The intention was to "expose" my mistakes so I can learn from them.
Don't really want my drives formatted but a wee text file along the lines of "ha ha fool, I've just been here" & how they did it would suffice.
Cheers & thanks for the info.
SB

Gorela
04-01-2003, 11:11 PM
As Graham suggests, do the hacks yourself. Set the servers up and scan it with nmap, SAINT, Nessus or any of a number of other security tools. Check your passwords using Crack (recommended machine is about 900MHz) and see which ones hold up reasonably well against a good dictionary file.

If you really want others to break in check out how to set up a honeypot. Have a look at http://honeynet.planetmirror.com/ for some info.