[ale] VSFTP allowing some users to access /

Joshua Kite jwkite at gmail.com
Sat May 19 23:23:40 EDT 2007


Hello all.  I'm generally a lurker here, but I've really enjoyed learning
from everyone else.

A few weeks ago I set up an ftp site on my personal server for work use
because our work server is constantly full.  I'm using VSFTP on Edgy.

I believe everything is set up properly for security, but I've recently run
into the same experience on two separate occasions, and now I'm convinced
that my box is open to attacks, and I'm not sure what to do about it.

Anonymous access is off, and I have chroot_local_user set to YES.

Here's the situation.  When the user logs into FTP he is supposed to go to
his home directory and be restricted to it.  Only two logins are supposed to
be able to leave their home directory.  However, in some situations it is
possible for a user to attempt to access my ftp site and they are
immediately directed to / with full privileges.  I can confirm that this is
happening on one PC running IE7 on XPsp2, but I cannot replicate it on a PC
running IE7 on Vista Home.  Unfortunately the other user who has experienced
this (actually, the first one to report it) is in Singapore, and I've had a
hard time getting enough details from him to be helpful.

Does anyone have any thoughts, or could you point me to the right place for
help?

Thanks,

Josh Kite
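
The setup described above (anonymous access off, chroot_local_user=YES, two logins allowed out of their home directory) can be checked against the configuration files. This is an added example, not part of the original post and not the poster's configuration: the sample config, the user names and the function names are constructed, and it assumes the two exempt logins are listed via chroot_list_enable / chroot_list_file as documented in vsftpd.conf(5).

```python
# Added example: all sample data below is constructed, not taken from the post.
SAMPLE_CONF = """\
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""
SAMPLE_CHROOT_LIST = "admin1\nadmin2\n"  # hypothetical exempt logins

# vsftpd built-in defaults for the options inspected here (vsftpd.conf(5)).
DEFAULTS = {"anonymous_enable": "YES", "chroot_local_user": "NO",
            "chroot_list_enable": "NO"}

def parse_conf(text):
    """Parse option=value lines; a later setting overrides an earlier one."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def enabled(opts, key):
    return opts[key].upper() in ("YES", "TRUE", "1")

def is_jailed(user, opts, listed):
    """Return True if this local user is chrooted to the home directory."""
    in_list = enabled(opts, "chroot_list_enable") and user in listed
    # With chroot_local_user=YES the list names users who are NOT jailed;
    # with chroot_local_user=NO it names the only users who ARE jailed.
    return (not in_list) if enabled(opts, "chroot_local_user") else in_list

def audit(conf_text, list_text, users):
    """Report anonymous access and which of the given users escape the jail."""
    opts = parse_conf(conf_text)
    listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    return {"anonymous": enabled(opts, "anonymous_enable"),
            "unjailed": sorted(u for u in users
                               if not is_jailed(u, opts, listed))}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_CHROOT_LIST, ["alice", "admin1", "admin2"]))
```

Any login reported under "unjailed" lands outside its home directory by design, so a client that ends up at / is worth matching against that list and against the user name recorded in the vsftpd log for that session.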