[Possible] WS_FTP Log File Detected
Description
WS_FTP is a widely used FTP client application that automatically generates a log file named WS_FTP.LOG in accessible directories. This log file records detailed transfer activity, including source and destination paths, filenames, timestamps, and potentially user credentials or session information. When this file is accessible via a web server, it exposes sensitive operational data to unauthorized parties.
Remediation
Take the following steps to remediate this vulnerability:
1. Immediately remove the WS_FTP.LOG file from any web-accessible directories using the following command:

    rm /path/to/webroot/WS_FTP.LOG

2. Configure your web server to deny access to log files by adding appropriate access control rules. For Apache, add to your .htaccess or configuration file:

    <FilesMatch "\.(log|LOG)$">
        Require all denied
    </FilesMatch>

For Nginx, add to your server configuration:

    location ~* \.(log|LOG)$ {
        deny all;
        return 404;
    }

3. Relocate WS_FTP log files to a non-web-accessible directory outside your document root.
4. Review and remove any other log files or sensitive data that may have been inadvertently placed in web-accessible locations.
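Steps 1, 3 and 4 as an added example that is not part of the original advisory: `find_web_logs` lists every `*.log` file under a document root and `relocate_web_logs` moves them to a directory outside it for review. Both function names and the paths in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original advisory). Function names and the
# paths in the usage line are assumptions; -iname needs GNU or BSD find.
# Usage: relocate_web_logs /var/www/html /var/log/web-quarantine

# List every *.log file under the web root. The match is case-insensitive,
# so WS_FTP.LOG, ws_ftp.log and stray application logs are all reported.
find_web_logs() {
    find "$1" -type f -iname '*.log' -print
}

# Move every match into an existing directory outside the web root,
# keeping each file's relative path so it can be reviewed later.
relocate_web_logs() {
    webroot=$(cd "$1" && pwd -P) || return 2
    quarantine=$(cd "$2" && pwd -P) || return 2

    # Refuse a destination that is the web root or lies beneath it:
    # the files would still be served from there.
    case "$quarantine/" in
        "$webroot"/*)
            echo "refusing: $quarantine is inside $webroot" >&2
            return 2 ;;
    esac

    find "$webroot" -type f -iname '*.log' -exec sh -c '
        root=$1; dest=$2; shift 2; rc=0
        for f do
            rel=${f#"$root"/}
            mkdir -p "$dest/$(dirname "$rel")" &&
                mv -- "$f" "$dest/$rel" || rc=1
        done
        exit "$rc"' sh "$webroot" "$quarantine" {} +
}
```

Run `find_web_logs` on its own first to see what would be moved; the destination directory must already exist.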