Go Back   FlashFXP Forums > > > >

Suggestions Got a new idea or addition which would benefit IOFTPD? Post it here!

Reply
 
Thread Tools Rate Thread Display Modes
Old 09-08-2004, 10:19 AM   #16
WebY
Member
 
Join Date: Aug 2004
Posts: 62
Default

they are no other protection againts hacked server?
WebY is offline   Reply With Quote
Old 09-08-2004, 10:57 AM   #17
Grendel
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Grendel's Avatar
 
Join Date: Jul 2004
Posts: 187
Default

Quote:
What's wrong with ioFTPD.exe anyway?
Absolutely Correct....NeoXed
Very easy to answer.....ABSOLUTELY NOTHING IS WRONG
In my opinion, there's NO NEED to change the name of .EXE,
but this must decide Darkone, of course.

The only reason to rename the .exe is for use
on servers hacked by some stupid kiddies
cause they can hide the daemon-task better now.

I know many administrators,
checking every server additionally for all known
FTP-daemons (which can be used for a "hacked" ftp).
If you can rename ioFTPD.exe to something inconspicuous
it will be much more difficult to find...
__________________
- FlashFXP v4.0 BETA (v3.7.9 Build 1401) registered
- Windows 7 x64
- McAfee Antivirus Enterprise 8.7i Patch 2 + Antispyware 8.7i
Grendel is offline   Reply With Quote
Old 09-08-2004, 11:08 AM   #18
Grendel
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Grendel's Avatar
 
Join Date: Jul 2004
Posts: 187
Default

Quote:
Originally posted by WebY
they are no other protection againts hacked server?
@WebY:

A fixed name for the process is the easiest way,
so you can check the server's processes automatically with
Enterprise-Tools like NETIQ's Appmanager 5.xx ect. ,
which can give infos to admins.

Do you have a better idea ?
So please tell us
__________________
- FlashFXP v4.0 BETA (v3.7.9 Build 1401) registered
- Windows 7 x64
- McAfee Antivirus Enterprise 8.7i Patch 2 + Antispyware 8.7i
Grendel is offline   Reply With Quote
Old 09-10-2004, 05:58 AM   #19
WebY
Member
 
Join Date: Aug 2004
Posts: 62
Default

K,K:banana:

Plz made in the new Version the "Current Speed" Variable
WebY is offline   Reply With Quote
Old 09-13-2004, 04:07 PM   #20
-=DoBBeR=-
Senior Member
ioFTPD Registered User
 
Join Date: Oct 2002
Posts: 298
Default

I think this issue has been up before at some point, but it really would be nice if, when ip is not allowed, ioftpd could show that to the user. My couriers keep thinking their account is screwed up when they get "login incorrect", or at least make it an option in config?

tnx
-=DoBBeR=- is offline   Reply With Quote
Old 09-13-2004, 04:26 PM   #21
neoxed
Too much time...
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: May 2003
Posts: 1,326
Default

Quote:
Originally posted by -=DoBBeR=-
I think this issue has been up before at some point, but it really would be nice if, when ip is not allowed, ioftpd could show that to the user. My couriers keep thinking their account is screwed up when they get "login incorrect", or at least make it an option in config?
Its been discussed before, the anwser was (and probably still is) no. Simply because it creates a security risk; the idea is to give as little information as possible. The informative error message is really only relevant to administrators, thus why it's logged to logs\Error.log.

In the event that an attacker was attempting to obtain someone else's login/password to the FTP server, via brute forcing, why give them "tips" to what they're doing wrong?
neoxed is offline   Reply With Quote
Old 09-13-2004, 04:34 PM   #22
-=DoBBeR=-
Senior Member
ioFTPD Registered User
 
Join Date: Oct 2002
Posts: 298
Default

sure it could make a system more vulnerable, but why not let the owner of the site decide that? through an option in ini?
Another thing that bothers me is that in error.log the people with "wrong" ip show up with hosts instead of ip, why not both? or just ip? that would certainly make it easier and faster for siteops to first find out whats wrong, and then add new ip. As it is right now I need to resolve host with ping, and then add it to allowed ips, after first being bugged by some user who thinks I've ****ed up his account =)
-=DoBBeR=- is offline   Reply With Quote
Old 09-13-2004, 06:06 PM   #23
neoxed
Too much time...
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: May 2003
Posts: 1,326
Default

Quote:
Originally posted by -=DoBBeR=-
sure it could make a system more vulnerable, but why not let the owner of the site decide that? through an option in ini?
Because it's another unnecessary configuration option. Darkone did a fairly large cleanup of the ioFTPD.ini for Beta-5.4, to remove 'excessive' options. I doubt his stance on this has changed.

Aside that, if a client says that he or she is having trouble logging in; if you're using ioA, all you would have to do is type SITE ERRLOG to display the Error.log. Are you really that lazy?
neoxed is offline   Reply With Quote
Old 09-14-2004, 10:25 AM   #24
Mouton
Posse Member
Ultimate Scripter
ioFTPD Administrator
 
Join Date: Dec 2002
Posts: 1,956
Default

not as if sitebots didn't echo the errorlog wherever u want either...
u could even make it send user error to the user himself (on irc or email or whatever) with a little work.
if fact, that would be even better than what u suggest. the user would receive a notice each time a login fails using his username, and the reason why it failed... he would know if someone tried to use his account.
very good idea for a script...
way to go DoBBeR!
Mouton is offline   Reply With Quote
Old 09-14-2004, 10:29 AM   #25
-=DoBBeR=-
Senior Member
ioFTPD Registered User
 
Join Date: Oct 2002
Posts: 298
Default

yeah, would work nice as long as ppl are named the same on ftp as on irc, otherwise I'm fuxx0rd =) but sure, I think I'll give that a try =) tnx mouton
-=DoBBeR=- is offline   Reply With Quote
Old 09-14-2004, 10:31 AM   #26
Mouton
Posse Member
Ultimate Scripter
ioFTPD Administrator
 
Join Date: Dec 2002
Posts: 1,956
Default

well, most sites use site invite... or msg sitebot !invite...
u just need to store the latest nick from those commands is a little db (text file).
maybe your sitebot could even remove the nick when the user /part or quits irc... just to make sure u don't pm someone you shouldn't.
Mouton is offline   Reply With Quote
Old 09-14-2004, 04:41 PM   #27
dasOp
Member
 
Join Date: Jan 2003
Posts: 91
Default Re: New Icon.

Quote:
Originally posted by jron
Please, for the love of all things nerdy, change that damn red shit blob of an icon :P it haunts me at night... really.
If you mean the icon ioTrayIcon uses (which I stole from the older io's yes) then send me replacement icons or replace them yourself, there are apps that can do that.
dasOp is offline   Reply With Quote
Reply

Tags
change, deamon, ioftpd, scull, suggestions

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
4.0.3 popups? tuff Bug Reports 2 01-17-2003 08:03 PM


All times are GMT -5. The time now is 06:53 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)