
ADDiCT's scripts sitewho.exe, ioGroups, ioGui, ioLimitTransfers, ioSecureAdduser

Old 09-17-2003, 01:55 AM   #1
Pharaoh
Senior Member
ioFTPD Registered User
 
Join Date: Sep 2003
Posts: 117
Question Not to allow too big range (keep security)

Hi,
Is it possible to make ioFTPD not accept an IP change to *@* or *@220.* because it is not specific enough? Only allow at least 2 numbers after the @?
eg: *@210.115.* will be allowed because it has a more specific range (210.115)

TIA.

P.S. I am using ver. 4.9.4
Pharaoh is offline   Reply With Quote
Old 09-17-2003, 02:34 AM   #2
MaistroX
Senior Member
FlashFXP Registered User
ioFTPD Registered User
 
Join Date: Jul 2002
Posts: 221
Question

This is a VERY interesting issue, coz this is also needed for Beta 5+ for security reasons, not only to be able to force at least *@xxx.xxx.*.*, but also be able to force Ident, so ident is needed in "addip" to be able to add ip at all.

anything u could add to ioFTPD, D1 ?


Would be a very appreciated security option
MaistroX is offline   Reply With Quote
Old 09-17-2003, 09:15 AM   #3
Stardog
Senior Member
FlashFXP Registered User
ioFTPD Scripter
 
Join Date: Oct 2001
Posts: 236
Default

perhaps adding this to the hosts.rules file?
Stardog is offline   Reply With Quote
Old 09-17-2003, 09:58 AM   #4
Mouton
Posse Member
Ultimate Scripter
ioFTPD Administrator
 
Join Date: Dec 2002
Posts: 1,956
Default

Quote:
Originally posted by MaistroX
anything u could add to ioFTPD, D1 ?
dark specified many times that everything that isn't ftpd related would have to be scripted.

Your request requires a script. A couple of lines in tcl/php/whatever would do.
Mouton is offline   Reply With Quote
Old 09-21-2003, 01:13 AM   #5
GOD-EMPEROR
Member
ioFTPD Registered User
 
Join Date: Sep 2002
Posts: 42
Default I disagree

actually I would suggest that ip/ident filtering on adduser be set like glftpd with something secure_ip capabilities, but as long as addip is a staple of ftpd usage, the same settings should apply to that as well....
GOD-EMPEROR is offline   Reply With Quote
Old 09-21-2003, 01:17 AM   #6
Pharaoh
Senior Member
ioFTPD Registered User
 
Join Date: Sep 2003
Posts: 117
Thumbs up Re: I disagree

Quote:
Originally posted by GOD-EMPEROR
actually I would suggest that ip/ident filtering on adduser be set like glftpd with something secure_ip capabilities, but as long as addip is a staple of ftpd usage, the same settings should apply to that as well....
I agree with u, mate.
This feature should be quite easy to implement, and very useful.
Pharaoh is offline   Reply With Quote
Old 09-21-2003, 09:03 AM   #7
ADDiCT
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: Aug 2003
Posts: 517
Default

Ok, made this in 10 mins.
It will check ident@ip for addip/adduser/gadduser events

edit ioftpd.ini :
Code:
[Pre]
site = ..\scripts\ioSecureAdduser.exe
(tell me if it's any good)
ADDiCT is offline   Reply With Quote
Old 09-21-2003, 09:12 AM   #8
Pharaoh
Senior Member
ioFTPD Registered User
 
Join Date: Sep 2003
Posts: 117
Thumbs up

Quote:
Originally posted by ADDiCT
Ok, made this in 10 mins.
It will check ident@ip for addip/adduser/gadduser events

edit ioftpd.ini :
Code:
[Pre]
site = ..\scripts\ioSecureAdduser.exe
(tell me if it's any good)
Is there any chance you could make it not allow adding IPs like:
*@* or even 1 number like *@128.* (an option that will be set in ioftpd.cfg by the admin), for example, something like:
minimumIPnumbers = 0 will allow adding *@*
minimumIPnumbers = 1 will not allow *@*, BUT will allow adding IPs like *@128
minimumIPnumbers = 2 will only allow IPs like *@128.217.*
3 will be 3 numbers and 4 will be only exact IP.

AND the ftp output when somebody tries to add *@* (or any other, according to the option in the cfg file) when it is blocked would be something like "Can't add IP, not specific enough"

TIA.

P.S. Damn, I wish I was a programmer
Pharaoh is offline   Reply With Quote
Old 09-21-2003, 09:19 AM   #9
ADDiCT
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: Aug 2003
Posts: 517
Default

minimumIPnumbers = 0 will allow adding *@*
----> don't use the tool, or set ident_ip_mask = *

minimumIPnumbers = 1 will not allow *@*, BUT will allow adding IPs like *@128
----> ident_ip_mask = *@*#.*

minimumIPnumbers = 2 will only allow IPs like *@128.217.*
----> ident_ip_mask = *@*#.*#.*

(but now i come to think of it, i will have to change something else important in my tool first)
ADDiCT is offline   Reply With Quote
Old 09-21-2003, 09:37 AM   #10
Pharaoh
Senior Member
ioFTPD Registered User
 
Join Date: Sep 2003
Posts: 117
Talking

Thanks mate, works as advertised!
SITE ADDUSER tester tester *@*
200-+-----------------------------
200-| BAD: *@*
200-+-----------------------------
200 Command FAILED.

Any chance you can change the BAD: to a custom message that the admin chooses, or simply something like "IP NOT SPECIFIC ENOUGH" (like in glFTPD), so that the ops will get the message:

SITE ADDUSER tester tester *@*
200-+-----------------------------
200-| IP NOT SPECIFIC ENOUGH: *@*
200-+-----------------------------
200 Command FAILED.

THX again, bro, best 10min spent!!
Pharaoh is offline   Reply With Quote
Old 09-21-2003, 10:14 AM   #11
Pichento
Senior Member
ioFTPD Registered User
 
Join Date: Feb 2003
Posts: 327
Default Request

Hiya Addict.

Can you add the following option in the cfg. I need to be able to force:

ident@xxx.xxx.xxx.*

OR

*@xxx.xxx.xxx.xxx

For adding valid IP's

Thanks in advance!
Pichento is offline   Reply With Quote
Old 09-21-2003, 10:23 AM   #12
Pharaoh
Senior Member
ioFTPD Registered User
 
Join Date: Sep 2003
Posts: 117
Default Re: Request

Quote:
Originally posted by Pichento
Hiya Addict.

Can you add the following option in the cfg. I need to be able to force:

ident@xxx.xxx.xxx.*

OR

*@xxx.xxx.xxx.xxx

For adding valid IP's

Thanks in advance!
I *think* that you should just change the included ioSecureAdduser.ini file like this:
for ident@xxx.xxx.xxx.* change it to:
ident_ip_mask = *??@*#.*#.*#.*
and for *@xxx.xxx.xxx.xxx change it to:
ident_ip_mask = *@*#.*#.*#.*#
Pharaoh is offline   Reply With Quote
Old 09-21-2003, 10:26 AM   #13
ADDiCT
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: Aug 2003
Posts: 517
Default

problem is he needs both possibilities
i'm working on that, specify as many masks as u need
ADDiCT is offline   Reply With Quote
Old 09-21-2003, 11:38 AM   #14
ADDiCT
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: Aug 2003
Posts: 517
Default

- u can specify as many ident_ip_mask entries as needed
- use ### for a numeric ip part (no more *#)
ADDiCT is offline   Reply With Quote
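
The rule this thread converges on (a minimum number of fixed IP octets, with several accepted shapes as requested in posts #8 and #11), as an added example that is not ioSecureAdduser's code and not part of any post. The `RULES` table, the function names and the "literal ident" test are assumptions, and the sketch does not parse the tool's own `ident_ip_mask` syntax.

```python
import re

# Constructed policy for post #11: a literal ident with 3 fixed octets,
# OR any ident with a full 4-octet IP. Each rule: (ident_required, min_octets).
RULES = [(True, 3), (False, 4)]

_IP_PART = re.compile(r"[0-9*?]+")  # digits or glob wildcards only (assumption: no hostnames)
_IDENT = re.compile(r"[^\s@]+")     # no whitespace (incl. CR/LF) and no second "@"


def fixed_octets(ip_mask):
    """Count leading fully numeric octets; None if the mask is malformed."""
    parts = ip_mask.split(".")
    if len(parts) > 4 or not all(_IP_PART.fullmatch(p) for p in parts):
        return None
    count = 0
    for part in parts:
        # "1*" or "*" pins nothing, and octets after a wildcard do not narrow the range
        if not part.isdigit() or int(part) > 255:
            break
        count += 1
    return count


def check_hostmask(hostmask, rules=RULES):
    """Return (allowed, message) for an ident@ip mask given to addip/adduser."""
    ident, sep, ip_mask = hostmask.partition("@")
    octets = fixed_octets(ip_mask) if sep else None
    if octets is None or not _IDENT.fullmatch(ident):
        return False, "MALFORMED: " + hostmask
    literal_ident = not set(ident) & {"*", "?"}
    for ident_required, min_octets in rules:
        if octets >= min_octets and (literal_ident or not ident_required):
            return True, "OK: " + hostmask
    return False, "IP NOT SPECIFIC ENOUGH: " + hostmask


if __name__ == "__main__":
    # Constructed inputs, including the masks quoted in the thread
    for mask in ["*@*", "*@220.*", "*@210.115.*", "joe@10.1.2.*", "*@10.1.2.3"]:
        print(check_hostmask(mask)[1])
    # Pharaoh's "minimumIPnumbers = 2" expressed as a single rule
    print(check_hostmask("*@210.115.*", rules=[(False, 2)])[1])
```

Counting only leading octets means a mask such as `*@1*.2.3.4` scores zero, since the first octet is what bounds the address range.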
Old 09-21-2003, 11:57 AM   #15
Pichento
Senior Member
ioFTPD Registered User
 
Join Date: Feb 2003
Posts: 327
Default

Thanks man!

Really - Really neat work.
Pichento is offline   Reply With Quote
All times are GMT -5.