
to the public is a liability. FTP logs in particular give the hacker that many more
files to look for and can also reveal such things as the system name, client IP
address, or even the internal IP address of the system.Think about who FTPs to
a Web server—most likely someone with privileges, and if that IP traces back to
a residential line, an alternative target comes to light: a system that will probably
be considerably less defended but has plenty of access to the Web site.
Never allow log files of any type to gather on a server in the Webroot,
because they won’t attract dust. Figure B.3 shows a quick Google search for a
very common FTP log filename ...