ioFTPD v6.0 is HERE !

[zOrP]

hukker nop.. i just copied my old users and grps.. :x

And i dont get wrong ip.. i get
18:44:14) [2] Connection Reset by Peer(10054)
like its shut off.. :s

[Yil]

Hey zOrP. Check your IP Banning options. From the ioFTPD.ini file:

Code:

# To be removed from the ban list a user MUST NOT attempt to connect during
# the temp ban time else he'll just keep pushing the ban farther out...
Connections_To_Ban         = 6          # 6 connections without a reset and
                                        # IP is temp banned (5)
Ban_Counter_Reset_Interval = 60         #
Temporary_Ban_Duration     = 600        # Seconds host remains banned

If you have 6 connection attempts within 60 seconds you will ban yourself. I did make 127.0.0.1 IMMUNE from banning though

If you use a BNC you could easily generate 6 in 60 so you'll want to change that to like 100000 connections in 60 seconds or something...

I consider it a slight problem that there is no log entry for when an address gets banned. I really should add one I guess just so people can figure out what is going on.

[ubiquity]

any mirrors for 6.0.4 ? can't seem to download it from yil's webspace...
edit: never mind.. it's back up

[zOrP]

Ah nice Yil.. That did the trick..

Well the function you use there, for banning ip. Could that be used on login. I meen for the gl function i talked about. Cause here i didnt get to login either. i just got denied like site was down.

So maybe the function in realilty is to ban all ips not added to any specific user on site..

And is it possible to make users/ips exempt from gettin banned after 6 retries.

Cause when using alcobot it logs in and out every minute..

[Yil]

IP banning isn't persistent. If you restart ioFTPD it is reset. There also isn't a list of banned IPs, it just sort of keeps count of connection attempts from an IP address and rejects users after noticing the limit has been reached. You can scan the host cache and figure out which IPs are banned to generate a list on demand (that's what "site bans list" does). You can also remove an IP via "site bans remove xx.xx.xx.xx" but there is no way to currently add an IP.

There is no way to make users exempt from banning since you don't know who the user is at the time of the decision, however I suppose I could add an option to allow you to specify IP address masks that would be immune from banning.

On the other hand, if the stealth option gets implemented then a complete list of valid IPs would be available and known user IP masks could be exempt from banning if you wanted. However an out of control client would still be annoying...

alcobot logs in and out every minute? Ouch. That must generate some nice sized logfiles... Isn't there an option to let it keep the connection?

[hukker]

Quote:

Originally Posted by Yil

alcobot logs in and out every minute? Ouch. That must generate some nice sized logfiles... Isn't there an option to let it keep the connection?

nope not at the moment...

Changing the amount of connections / reset interval should work... I use 10connections / 60sec, no ban yet

[ArtX]

i posted about alcobot doing that just after ioftpd 6.0 was released - i think its a script issue due to a few changes, when/if nexord has a chance to look i sure he will fix it , and from what i have seen when using it the disconnection reconnection doesnt seem to cause that much of an issue apart from the spamming in logs and pm it does

[hukker]

Hoj Yil.

Iam not sure, ive tested it a few times over, both running ioftpd service/non service but I think this isnt working as it should, Iam still getting the ip of the host in xferlog.

Can anyone confirm this?

# in xferlog hide the hostname field of the transfer entry, (default=false)
Hide_Xfer_Host = True

ioFTPD 6.0.4.0

[tuff]

Yil,

A possible addition to ioftpds itcl command set would be welcome, let me elaborate a little

at the moment, scripters can

set windows_readable_path [resolve vfs $ioftpd_vfs_path]

but we cant reverse that

set ioftpd_vfs_path [resolve real $windows_readable_path]

at the moment, im using a dirty hack involving parsing vfs files to accomplish this/

also, how about my sugestion regarding adding an itcl command to

set crc32 [crc32 $file]

and while i remember, allowing ioftpd to calc the complete crc32 for a resumed file,
as at the moment, it will only pass the resumed contents crc32 to scripts

just a thought

[zOrP]

Nope hukker..
Works fine here.
Wed Apr 11 23:56:19 2007 17 [hidden] 15000000 /covers/Some.test.folder/some.test.rar b _ i r z0rP ftp 1 zorp l




Yil..

Quote:

IP banning isn't persistent. If you restart ioFTPD it is reset. There also isn't a list of banned IPs, it just sort of keeps count of connection attempts from an IP address and rejects users after noticing the limit has been reached

Is it possible to then add all ips as banned.

Quote:

You can also remove an IP via "site bans remove xx.xx.xx.xx"

And then when adding a ip to a user, make a script do "site bans remove ip@of.user"

Thats prolly what glftpd does..

[eieregooie]

Is TLS supposed to accept Auth SSL?

Code:

# limit encryption to a particular type: SSL2, SSL3, TLS
# leave this undefined to support any of them
Encryption_Protocol     = TLS

I have my .ini set like this, but Auth SSL connections are accepted too.

Code:

220 FTP Server ready.
AUTH SSL
234 AUTH SSL successful.
Connected. Negotiating SSL session..
SSL negotiation successful...
SSL encrypted session using cipher AES128-SHA (128 bits)
PBSZ 0
200 PBSZ 0 successful.

I'm using 6.0.3

[Yil]

Tuff, I like the idea of making CRC summing an option now since a lot of people don't use the value so why compute it... On the other hand if it's turned on the CRC should always be of the entire file like you want since that makes the most sense when checking SFV's and such. Once the logic to read/compute over a previous portion of a file is done adding the ability to calculate it for any file would be possible.

Resolving real to vfs paths is a dirty hack hehe! I don't see why I can't add an option to let you use the internal resolver though. Looks like you're forced to do exactly what it does by looking at the mount table for the best match... This should have been there all along in my opinion.

eieregooie: I think there are two different issues here.

1) AUTH SSL and AUTH TLS are the same (actually I looked at the code and the only difference is for some reason SSL implies PROT P and TLS doesn't... that's probably a bug, it shouldn't assume that). To really force users into only sending AUTH TLS you would need to write a FTP_Pre-Command_Event that rejects the SSL option.

2) The actual SSocket code can be configured to accept certain protocols at the handshake stage and that is what Encryption_Protocol does. Further complicating things is TLS v1 and SSL v3 I think are really the same thing since I think TLS v1 is just the formally reviewed and accepted version of SSL v3. Thus a TLS implementation will accept a v3 connection request, but it might not work the other way around because TLS may allow newer options. If you set it to SSL2 though I'm pretty sure it will reject TLS/SSL3 though.

SSL or TLS isn't really the important part here which is why ioFTPD just accepts either name. They are just the means of handshaking certificates and selecting an algorithm. In your case AES128-SHA...

[ADDiCT]

Quote:

Originally Posted by Yil

Once the logic to read/compute over a previous portion of a file is done adding the ability to calculate it for any file would be possible.

If I'm not mistaken, CRC32 can be computated "incrementally": if you already have the CRC32 value of the first part of the file, you can use that as the starting value for the algorithm and then feed it only the new bytes. By storing the intermediate CRC32 value (before the resuming), alot of CPU and disk operations can be saved.

[tuff]

Yil, just incase you go do somehing crazy, i dont want the on the fly crc32 stuff to be optional, it SHOULD NOT BE REMOVED or set as an option :P

i think you picked me up wrong there

the set crc32 [crc32 $file] i was referring to was an additional itcl command request :P

[tizio]

I am currently testing ioFTPD v6.0.4 with ioShareDB v0.9.0, mySQL v4.0.16, mySQL ODBC Drivers v3.51 and NO additional scripts (basic 6.0.4 package). After few minutes ioFTPD crashes with this error:
Unhandled exception 3221225477 at address 0x01f19856 (0x00000000)
0x00000000 0x00000083
Can someone tell me how to solve this problem?