SUMMARY: too much info in ftp logs

From: Danny Johnson (
Date: Mon May 10 1993 - 19:05:48 CDT

> We just enabled anonymous ftp on one of our servers.
> By convention, users enter their real names as the
> pseudo-password. We want to log this. The only log
> method we have found also logs REAL user names and
> passwords when non-anonymous ftp is used. This is
> not acceptable. We have temporarily turned off logging,
> but need to get this implemented correctly. How?
> /////////////
> Danny Johnson, Texas Instruments (214-995-8719)

The answer generically is to get a third-party ftpd
that supports selective logging. The following replies
were extracted from the many people who responded.
Thanks to everybody.

The modified fptd from WUArchive does what you want. It
logs the user ID for non-anonymous users, but logs the string
"password" instead of the real password.

1) Get a new ftpd package with the patches from the following sites:
         3) has the uunet-ftpd.patches

get wuftpd ( it does a much better job of everything
concerning ftpd. i've been running mine for a long time. get:
-rw-r--r-- 1 root 491520 Apr 9 13:21 wu-ftpd-2.0.tar
or newer. there was a security hole with the older version.

If you are using the wuarchive ftpd, there is a line in the "ftpaccess"
file that specifies the logging. Change it from:

log commands real,anonymous


log commands anonymous

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:07:49 CDT