Registered users may get it from member pages... I hope you like it ;p

Please read the changelog.. seems like quite a few people have missed the part where it tells you to use convertor for passwd & group files.

http://www.ioftpd.com/passwdconv/

sweat d1..

nice work once again

There seems to be some issue with ssl.. i'm working on a fix, but it might take until tomorrow to get it public

********************************************

easy....

1.edit /etc/group,copy to GroupIDtable, add ":STANDARD" each line
2.edit /etc/passwd,copy to UserIDtable, add ":STANDARD" each line
3.add ../modules
4.edit ioFPTD.ini -some lines
-start lines
-[events]
- modules-part
5./etc/ add host.rules,update .env
6.change exe lol

thats what i did...seems to run

cheers optixxx

yep

Min_Cipher_Strength = 168 <-- does NOT work.

128 bit works ok tho

5.0.1

Connections_To_Ban = 5 #
Ban_Counter_Reset_Interval = 120 #

could you provide an explanation for those two?

Are missing from the ini

5.0.1 still fails using 168 bit encryption

Originally posted by Pichento
Connections_To_Ban = 5 #
Ban_Counter_Reset_Interval = 120 #

could you provide an explanation for those two?

Are missing from the ini

Connections_To_Ban = When counter (per ip) reaches this limit, user gets banned

Ban_Counter_Reset_Interval = Once there has been this many seconds since client's last connection, counter is reset

Ohh..

Site will die, (connection refused after some time) with 5.0.1 :(

most connections are using SSL

Ohh now i know why site seems dead.

Using a control connection bnc. that might explai it. but when it happens i connect locally and still jsut seems dead (no reply)

Very strange...

Just seems to die (not accepting any connections). Users online are not affected.

It actually crashes..

Faulting application ioFTPD.exe, version 0.0.0.0, faulting module ioFTPD.exe, version 0.0.0.0, fault address 0x00035cc4.

OS: W2K3 Server (standard)

Investigated further:

Its uploading that crashes site. Using zipscript på caladan. Might be the reason, but shouldnt crash site?

Originally posted by Pichento
5.0.1 still fails using 168 bit encryption

Yep my ssl code seems to be rather dodgy :) I didn't have patience to rewrite it from scratch, so I just ported old code to fit new core (& looks like i did bad job at certain parts)

I will spend time tomorrow rewriting most of it.. (I managed to get it fully functional, but I don't trust quality of that before I've rewritten it)

Originally posted by Pichento
Very strange...

Just seems to die (not accepting any connections). Users online are not affected.

It actually crashes..

Faulting application ioFTPD.exe, version 0.0.0.0, faulting module ioFTPD.exe, version 0.0.0.0, fault address 0x00035cc4.

OS: W2K3 Server (standard)

Investigated further:

Its uploading that crashes site. Using zipscript på caladan. Might be the reason, but shouldnt crash site?

You need to provide more information than that:
- try disabling all scripts
- try removing all scheduler events
- find a way to replicate issue

(also make sure you got 5.0.1 as 5.0.0 crashes due to scheduler bug)

I'm inclined to believe its the SSL code. Been monitoring for the last three hours and it seems to be crashing at random

For now I've reverted back to 4.9.4r.

Ill wait for your newly written SSL code for 5.0.2 before trying again.

Sorry to make you work overtime....

Keep up the good work

If possible, try with ssl disabled (also make sure to disable all non-compatible scripts.. such as: ioa/iob) - as I need more information to determinate wheter there might be issues in other parts of code

Originally posted by darkone
all non-compatible scripts.. such as: ioa/iob

Is this because of the passwd and group files have been changed? And also does anyone know a way of updating then in ioA and ioB so they will work?

for now i can tell here

ioB - doesnt work at all here, only small parts like restart, ...
the KICK on NUKE etc doest work at all here, group,pasw seems hardcoded
the ZS incl. ioB dunno, cause i only used ioB as addon for some real nice command mouton did there

ioA - i just changed the conf to UserIDTable & GroupIDTable,
and it seems to work pretty good so far, doest look like it
disturbs with the :STANDARD
site request, site nuke/unnuke, site invite, site search,....

ioZS - working here with no changes

sitewho.exe - by changing the ini to UserIDTable,GroupIDTable it
at least doesnt crash anymore, but no results coming up

so far my experience here

zipscript-cs also seems to work flawlessly. Its almost certainly the SSL code.

iOA works.. kinda... In generel all scripts that wants the passwd & group file will need an upgrade now.

Most of SSL code has been now rewritten... there were some errors that could have caused crashing :/

Hiya d1.

Just tested 5.0.3 and unfortunately it will still crash after a few mins (no more login). users that are already on is not affected, but no one can connect (does not reply at all)

On the positive side SSL 168 does work with 5.0.3.

Hope you get the last bugs cured soon, so I can use the 5.x.x release.

UPDATE : site config rehash will crash ftpd and cause that above mentioned error.

UPDATE2 : 426 Connection closed: The specified network name is no longer available. <-- loads of those errors on upload transfers

hi, little SSL question between

when i use those settings its all just working fine

Require_Encrypted_Auth = *
Require_Encrypted_Data = !*
Certificate_Name = mycerthere
Explicit_Encryption = True
Encryption_Protocol = SSL3
Min_Cipher_Strength = 128
Max_Cipher_Strength = 256

when i change that data line to

Require_Encrypted_Data = *

i get all kind of crashes, while login, while fxp transfers, etc etc

so my question is, does encrypt. data for * doest work on fxp ?

before i get nuts here with settings all kind of stuff in ffxp ;)

cheers ahead

Which os/cpu you're using? Also does site config rehash cause daemon to crash instantly (Even if there's noone else logged in)

when using upper setup, its all fine

when using req encr. data = *

i get error like this

426 Connection closed: Your user class requires you to use secure connections.

no more crahses since 5.0.3 ;) just no fxp transfer possible

setup is

winXP pro
AthlonXP 2800+
3 x 512 megs Infineon DDR 2700

io 5.0.3, ioA 0.8.1, ioZS 1.0.6, some small addons

my question is, should it work with

req. encr. data = *

or is it normal that then theres no fxp transfer possible ?

OS: Windows 2003 Server (standard)
CPU: P4 2.53 mhz

No site config rehash, does not actually crash site. It prevents further logins. People who try to login after a site config rehash, will get no reply from daemon. They get a connection failed / timed out.

Alturismo: It requires encrypted fxp transfer..

Pichento: email me your ftpd including userbase & scripts etc..

Alturismo: It requires encrypted fxp transfer..

means ?

both sites need to run in SSL mode or what ?

cause io SSL to io SSL doesnt work either here

same error

426 Connection closed: Your user class requires you to use secure connections.

and when i enable in ffxp SSL site to site doesnt work either cpsv unsupported etc

u said already aint supported by io

so,

what i dont get now is,

should a normal fxp from 1 site (whatever setup) to an io SSL site
work when i enable

Require_Encrypted_Data = *

or is that normal that i have to set like

Require_Encrypted_Data = !*

cause then its all fine here, if it should work with * then i have to check here all again

sorry dark, i miss the point here ;)

Alturismo:

Require_Encrypted_Data = !* - none have to use encryption
Require_Encrypted_Data = * - all have to use encryption

hehehehe

i know that

but should it work then with data encryption, and if so,

how to set ffxp to use that

i have Auth SSL enabled
with SSL list and SSL Upload/Download

thx ahead

Mail sent darkone...

Did you mean by crashing, that deamon stays running, but all ports close? That's what happends to me when i rehash with your config (propably some check broken somewhere).

Excatly d1.

found another bug:

530 Login failed: Maximum concurrent connections for single host reached.

Even tho host.rules is ok and ppl should not be blocked.

Atvually i commented out all but:

# Default policy
#
# POLICY ACCEPT CONNECTIONS_PER_IP
# POLICY DENY
#
POLICY ACCEPT 5

When using an entry bnc, it seems like ioFTPD thinks all connected users are from same ip.

At least thats my theory :)

d1: Just an FYI, 5.03 works so far with SSL here. I even was able to put io_thread_count back to 3 (from 1)...

OS: WinXP SP1
CPU: Dual Intel Xeon 2.0 Ghz

Originally posted by Pichento
Excatly d1.

found another bug:

530 Login failed: Maximum concurrent connections for single host reached.

Even tho host.rules is ok and ppl should not be blocked.

Atvually i commented out all but:

# Default policy
#
# POLICY ACCEPT CONNECTIONS_PER_IP
# POLICY DENY
#
POLICY ACCEPT 5

When using an entry bnc, it seems like ioFTPD thinks all connected users are from same ip.

At least thats my theory :)

Host.rules is not available for bouncer use (like you said, it uses bouncer's ip) Idea of hosts.rules is to kill connection before any/many resources are allocated to it

You can fix the rehash issue by adding Bind address to every device that you have host specified to non 0.0.0.0.

Fixes remaining ssl problems & rehash issue.

as i told you for beta 4.9.x there's still a problem when using 2 network cards (with ip A & B).
I use this kind of config :


[Any]
Host = 0.0.0.0
Ports = 1024-2048
Random = True
;Bind =

[dataB]
Host = 172.16.23.109
Ports = 20000-25000
Random = True
;Bind =

[dataA]
Host = 172.16.23.108
Ports = 20000-25000
Random = True
;Bind =

[FTP_Service]
Type = FTP
Device_Name = Any
Port = 21
Description = noserver
User_Limit = -1
Allowed_Users = *
;Messages = ..\text\ftp

;Require_Encrypted_Auth = !*
;Require_Encrypted_Data = !*
;Certificate_Name = 192.168.1.11
Explicit_Encryption = True
Encryption_Protocol = SSL3
Min_Cipher_Strength = 128
Max_Cipher_Strength = 384

;Get_External_Ident = True

Data_Devices = dataA dataB
Random_Devices = False


//note : ips are from LAN, no firewall at all.


problem is : when connecting to ip A, pasv's working fine when receiving data from ip A, but can't get (connection refused) data when ip B is given by the ftpd, and vice-versa (when connecting to ip B, can't get from ip A, but from ip B is working fine ...)

i'm using Windows 2000 (srv) US with sp4, on a xp2100+

When you rework the cookie system, could you please document the cookies. In particular I'm searching for the [who] cookie info. I can't seem to find anything on that.

thanks!

I'll try to find some time for it.. (i'm already working on the cookies :))

5.0.5
- Fix: Timers could cause crash
- Fix: DC_USERFILE_UNLOCK & DC_GROUPFILE_UNLOCK were bugged
- Change: SuperCookie parser rewritten

5-0-7r

WKDN, WKUP and Totals aren't working anymore. the MB uploaded and downloaded are not shown properly. I have one user with 1000 MB upload. He is number 1 in WKUP and the log shows 0.1 MB for him.
Totals show 0.0 GB in all categories.

I took a look in the userfiles. the transfers are counted properly as far as i can see.

I replaced 5-0-7 with 5-0-4 and everything is ok again.

I suggest keeping 5.0.7 until I get patch out.. problem is with stats output, while in 5.0.4 there are several of other problems which affect stability

stats are back and working in 5.0.8.

Nice work d1!

Ok.. Set your ident timeout to 1000x what it's (temporary fix for ident reader.. forgot to multiply that value with 1000)

darkone, how you can turn ban settings off in ioftpd.ini ?

Connections_To_Ban = 5 #
Ban_Counter_Reset_Interval = 120 #
Temporary_Ban_Duration = 1200 # Seconds host remains banned

also have some probs with telnet connecting. dunno if its releated to that ban conf but i can telnet always after restarting ioftpd.exe (e.g. ioGui, putty and sitewho.exe by fr0z3n). then if i wanna reconnect via telnet i simply cant :( (that's why i get that child process blabla error in bot)

regards

Originally posted by zpr
darkone, how you can turn ban settings off in ioftpd.ini ?

Connections_To_Ban = 5 #
Ban_Counter_Reset_Interval = 120 #
Temporary_Ban_Duration = 1200 # Seconds host remains banned

also have some probs with telnet connecting. dunno if its releated to that ban conf but i can telnet always after restarting ioftpd.exe (e.g. ioGui, putty and sitewho.exe by fr0z3n). then if i wanna reconnect via telnet i simply cant :( (that's why i get that child process blabla error in bot)

regards


agree 100% !

do not disable bans. use conservative values.

I doubt u want to allow someone hamering 50 connections each 5 secs...