Strange line i ve found in xferlog today... when i start upload to my ftp from antoher one (site to site) thru flashfxp.. i can see the other computers IP on the xferlog, thats it security risk isnt it? who wants its ftp ip to be on other peoples xferlogs :S

Why would that be a bug? That information is part of the xferlog log format (just google "xferlog").

To disable the xferlog completely, give it the read-only attribute.

attrib +R C:\ioFTPD\logs\xferlog

Why would that be a bug? That information is part of the xferlog log format (just google "xferlog").

To disable the xferlog completely, give it the read-only attribute.


Well as i said if someone is doing site to site from my ftp to another computer with ioftpd... my ip will be on that computer wich i dont like... why would it even involve its ip when you are not the one uploading??.

i know i can disable it on somehow but its my security iam concern about... as now i can do a shit maybe disable site to site upload... and once again why why why would it show my ip on someone elses log...



Thx for replying....and yeah my english is rusty :D

Because the ip address you've found in the xferlog is the one associated with the data connection. When you transfer files between two ftp servers (fxp), the data connection is established between the two servers; you're only involved for the control connection.

Because the ip address you've found in the xferlog is the one associated with the data connection. When you transfer files between two ftp servers (fxp), the data connection is established between the two servers; you're only involved for the control connection.



Yeah but still, i havent seen any FTP do this, even raidenftpd loggs the ip of the person who uploads it...

SBC,

i dont underestand why you consider seeing the FXP-IP in your log a security issue. This gives you the possibility to control where your fxp uploads come from.

Why would you bother if others see your ip on FXP from you? Do you have anything to hide? :)

SBC,

i dont underestand why you consider seeing the FXP-IP in your log a security issue. This gives you the possibility to control where your fxp uploads come from.

Why would you bother if others see your ip on FXP from you? Do you have anything to hide? :)




Its not problem for me to se were the files comes from the problem is, when a user do site to site from my site too another site, then that other site have my ip... and yes i see that as security issue since i dont want my ip to be on antoher sites, offcourse i can disable the site to site thing but ill rather change ftp server software than disabling site to site.

Maybe there is a way to disable creation of xferlog or maybe so it wont write ip only user name??

yes change the ftp server software :)

they all do it the same way ...

Or make the xferlog file readonly. That will disable it for your server.
I'm afraid you can't do that for the other servers. You will have to trust your users (but that's another story).