Go Back   FlashFXP Forums > > > >

ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Closed Thread
 
Thread Tools Rate Thread Display Modes
Old 08-23-2007, 07:32 PM   #76
rolan
Member
 
Join Date: Jul 2006
Posts: 72
Default

Quote:
Originally Posted by hukker View Post
rolan: site syslog -max 6 *
will give you 6 of the newly added lines

the star "*" is used like a wildcard, so you can search for *added* only, or an ip or a username etc...
okay, its works, site cmdlog ... not work?
rolan is offline  
Old 08-23-2007, 08:09 PM   #77
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

rolan: there is no builtin log commands. ioA I know offers syslog/cmdlog/etc site commands. Double check that you have the required ioFTPD.ini entries and permissions set.

I've started work on 6.3 with a big to-do list of cool features (see the feature thread). The first item is saving crash information in the log directory so after crashes people can send me more detailed information than just the address

I've also become convinced that the version of TCL we've been using has issues so I've upgraded/rebuilt TCL/PHP for the upcoming release.
Yil is offline  
Old 08-25-2007, 03:13 AM   #78
hukker
Senior Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Jun 2004
Posts: 165
Default

rolan, you seem to have a script which only supports errlog and syslog.
If you want more try another script bud, like Yil sudgested ioA
hukker is offline  
Old 08-26-2007, 05:46 PM   #79
Soxiz
Junior Member
FlashFXP Beta Tester
 
Join Date: Sep 2002
Posts: 9
Default

Hey Yil

Here are some more errors from logs:

Unhandled exception 3221225477 at address 0x7c81bd02 (0x00000000) 0x00000000 0x46d39006
Unhandled exception 3221225477 at address 0x7c81bd02 (0x00000000) 0x00000000 0x5d0af006
Unhandled exception 3221225477 at address 0x0042eadf (0x00000000) 0x00000000 0x58026fc7


Best Regards
Mads
Soxiz is offline  
Old 08-30-2007, 12:08 AM   #80
PSA9
Member
FlashFXP Registered User
ioFTPD Foundation User
 
PSA9's Avatar
 
Join Date: Apr 2006
Posts: 54
Question

Yil did u do anything to the code that forces u to use user ioFTPD,
reason i ask is cause i have changed the user to Admin and the group to Admin and just wondering if it has a effect to ioFTPD?
PSA9 is offline  
Old 08-30-2007, 04:08 AM   #81
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

I don't see any reason why ioFTPD would care what the names are. If you were to delete user 0 and/or group 0 that will have impacts. The .ini file of course refers to the default user/group so that would have to be updated, and a number of scripts assume 0:0 as the defaults... I can't think of any specific case where the code itself uses 0:0 instead of the .ini values, but that doesn't mean it doesn't exist.

Change the name, but don't nuke the accounts and you'll be fine.
Yil is offline  
Old 08-31-2007, 10:52 AM   #82
rolan
Member
 
Join Date: Jul 2006
Posts: 72
Default

new crash ,

Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x02c0020d
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0xb5488004
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0xffffffff
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x66053eff
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x1d04b99f
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x583c0804
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x00000003
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0xffffffff
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x4504d188
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x00000002
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0xfffffc01
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x11000934
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x46460597
Unhandled exception 3221225477 at address 0x7c95a412 (0x00000000)
0x00000000 0x046bc14d
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x40bb1f00
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x6c75522e
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x00000002
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x0d17030d
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x033e9802
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x00000003
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x00000001
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x00000002
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x00000001
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x00000003
Unhandled exception 3221225477 at address 0x7c94bd02 (0x00000000)
0x00000000 0x00000003

use ioFTPD 6.2.1 ,ioNiNJA 1.0 and nxTools 1.0.6
rolan is offline  
Old 09-01-2007, 02:20 AM   #83
Flow
Senior Member
FlashFXP Beta Tester
ioFTPD Foundation User
 
Flow's Avatar
 
Join Date: Dec 2001
Posts: 306
Default

How come i never get those crashes? These gotto be scripts issues.
Flow is offline  
Old 09-01-2007, 03:41 AM   #84
peep
Senior Member
FlashFXP Scripter
ioFTPD Foundation User
 
Join Date: Sep 2003
Posts: 132
Default

Which it also the case here, since the address starts with 0x7 (which ZR informs us on the first page means script-related crash)
peep is offline  
Old 09-01-2007, 04:29 AM   #85
o_dog
Senior Member
 
Join Date: May 2007
Posts: 692
Default

ioftpd shouldn't crash though from script problems
o_dog is offline  
Old 09-01-2007, 10:21 AM   #86
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

There are a few potential "script" related issues. I believe I mentioned that I don't trust the TCL build since I know I've found at least one issue with it so I've upgraded to the latest version and recompiled everything for the next release. Hopefully this will help.

Secondly 0x7 addresses include windows library routines. Obviously the problem isn't the functions themselves, but rather bad arguments to them, but how and why is still beyond me. Of course if the TCL library was corrupting the heap this would go a long way to explaining problems.

Empirically sites running .exe scripts seem far more stable than pure TCL scripts although this is just my personal observation. Either this means the bug is in the ioFTPD functions exported to TCL or inside TCL itself. Since I know I've found one problem in TCL itself I'm tempted to blame it right now. I probably should setup ioSFV locally though and run tests with it since it uses a lot of the ioFTPD exported functions...

Hopefully I can get the 6.3 release with the new error handling code out soon.
Yil is offline  
Old 09-01-2007, 10:34 AM   #87
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default TCL v8.4.15

That got me thinking. I checked the header files for the new and old TCL releases and no structures changed so the new TCL .dll should be a drop in replacement for the old one... If you want, try upgrading to the new .dll and see if that makes a difference

tcl84t.dll-v8.4.15.rar
Yil is offline  
Old 09-03-2007, 01:54 PM   #88
nickelamerson
Junior Member
 
Join Date: Sep 2007
Posts: 3
Red face

YIL, this is nice, thanks !

_______________________
http://www.iplobster.com
nickelamerson is offline  
Old 09-04-2007, 11:29 AM   #89
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default Dynamic IP address support

I've already done a number of things for the new upcoming 6.3 release that you are all going to love! There is one feature I'm going to ask for feedback on just in case I'm missing something and this solution won't work. I'm looking to find a way to support dynamic IP addresses for those few people who have wildly different addresses assigned to them all the time.

Basically my solution is a simple knock knock algorithm with a twist. You supply a list of ports in the .ini and if the user attempts to connect in the order listed two things happen. First the IP is added to a temporary list so if you are using Reject_Unknown_Ips the individual can actually get the ftp prompt. Second, and my lightbulb idea, if you attempt to login to an account that contains a fully qualified hostname (i.e. no wildcard) the server will resolve the stored name and then use that for the access check.

I've already implemented rules for IP/Host masks so you can control who can allow what. This is from my .ini file:
Code:
# Requirements/rules for adding IP masks by the specified users.  You can
# have up to 20 consecutive entries starting at 1 which will be processed in
# numerical order with the first satisfied rule allowing the change.  If
# no rule is matched then the change is prohibited and the user shown a list
# of valid rules for them.  If Secure_Ip_1 is not defined everything is
# acceptable for backwardward compatibility.
#
# Format: <ident> <type> <min-fields> <users>
#   <ident>      = 0 -> User ident not required (*@...)
#                  1 -> User ident must be supplied (ident@...)
#   <type>       = 0 -> only sets of numeric IPs allowed
#                  1 -> fully qualified hostname allowed (no wildcards)
#                  2 -> any hostname/IP (may include wildcards)
#   <min-fields> = Minimum number of non-wildcard fields separated by periods.
# NOTE: A fully qualified hostname doesn't need to pass the minimum field
#       test.
#
# Master accounts can do whatever they want so the first rule here isn't
# necessary, but if you wish to allow others unlimited rights add them here.
Secure_Ip_1 = 0 2 0   M
# Allow *@1.2.3.* style masks
Secure_Ip_2 = 0 0 3 G1M
# Allow ident@1.2.* style masks
Secure_Ip_3 = 1 0 2 G1M
# Allow ident@foo.bar.com style masks
Secure_Ip_4 = 1 1 1 G1m
# Allow ident@*.bar.com style masks but not for pure group-admins
Secure_Ip_5 = 1 2 2  1M
# NOTE: Only M accounts can set *@* with these defaults
If site addip rejects an IP/Host mask because Secure_Ip is enabled and no rule is matched then a human readable form of the rules is displayed...

Since the knock knock listen ports just drop the connection immediately after it's made and no data is transfered you can create fake sites in your ftp program and try to connect to them in order. Since that's annoying I anticipate a simple windows app to do it for you with a click of the button using configured site info. A linux / windows command line app to do the same thing but without the pretty interface is also possible.

To prevent username leakage an IP address which has knocked will have the password response delayed 5 seconds or something to prevent time response analysis.

The Secure_Ip feature means a server can now effectively enforce locked down usage. In my experience there was always somebody who added *@* for some reason and then forgot to remove it thus negating Reject_Unknown_Ips. However the ability to use a dynamic IP DNS resolver like no-ip.com will I think be useful for some people but it does make the potential sharing of accounts easier. There are ways to detect this over time though. For the moment, Secure_Ip can restrict who can add fully qualified names so you can limit who can setup these types of dynamic DNS hostsnames.

The one thing I haven't figured out yet is what to do once a user has logged in via knocking. Since any logged in user should keep the host entry alive subsequent logins will work until they logout for a while or the server restarts. I was thinking I could add the full IP to the user account automatically though. Perhaps even keep the last 3 or something so this would allow future logins to work without knocking again until their IP changed.

What do you guys think? Have I missed something or does someone see an easier way? Perhaps more importantly, is this as useful a thing as I think it is?
Yil is offline  
Old 09-04-2007, 04:55 PM   #90
Flow
Senior Member
FlashFXP Beta Tester
ioFTPD Foundation User
 
Flow's Avatar
 
Join Date: Dec 2001
Posts: 306
Default

Security/restrictions settings are always usefull. Good deal Yil as always. Cant wait to check out your 6.3 version. BTW, Neoxed script mention a $user variable which is not implemented by ioFTPD. Whata heck does he mean? Here´s the thred: http://www.inicom.net/forum/showthread.php?t=12702

Thats one of the best script i know, combine with ioSFV.
Flow is offline  
Closed Thread

Tags
ioftpd, links, relative, resolving, symbolic

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 07:07 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)