Topic: computer help please....

[mike1218]

Can somebody help and point me in the right direction?  Sorry in advance if this is the wrong place to post this question.  I am currently using SmartFTP as a means of retrieving files from others, but I would like to learn how to set up my computer so it can be accessed by others safely and securely.  Can anyone of you fine peoples tell me where I might be able to find directions on that?  I would really appreciate it.  Thank you.

-mike

[chase]

i recommend FileZilla Server  -  http://sourceforge.net/project/showfiles.php?group_id=21558&package_id=21737

pretty simple to setup  -  http://www.pcmech.com/byos/step/8/

[mike1218]

Hey, thank you Chase!

[peeeper]

Something you want to beware of with FileZilla and I speak of experience  is that this FTP server has be known to have a few nasty exploits with past versions and at least one I know of that hasn't been fixed or acknowledged by Zzillezz for the current version.  So take that into consideration...

If I were to use MS OS to run an FTPd I would look into Bulletproof or ServU.  If you can manage a nix box, I prefer using PureFTPd or Pro-FTP much more stable, secure and highly configurable then any windows FTPd you can find.

[Scooter]

I'll put a vote in for ServU.  It works great for me.

[chase]

setting up a nix server is a little much for the casual first time FTP server admin.  only reason i use FIleZilla is becuase it's free.  i've had Serv-U and BPFTPD but i forgot to back up my registration keys.      unless anyone knows where i can download BPFTP Server v2.2.1

i'm curious, what is the security hole is in filezilla?

[peeeper]

Tell me your IP addy, run the server and I'll so you.   

Since this has not been reported by any security site nor has Zzillezz publicly announced there is a exploit with their latest version I'm not going to hand feed you how to take advantage of it, since this not that type of forum.  What I will tell you is, there is a bug in the code that can be exploited remotely.  The problem is due to a combination of two bugs, actually.  One is located within the function responsible for the file permission feature, which fails to properly signal an error to its caller under 'certain' conditions.  The other bug is at the caller, a command parser function, which incorrectly handles the error status returned by the virtual user function allowing the corruption of the process memory space.  This can be exploited remotely by everybody in the world to gain admin access on your machine, even if you do not allow  anonymous ftp access, this bug  still allows every user with ftp access to gain admin access on your machine, if they know what they are doing.  Your chances of a attack are minimal unless the attacker knows you are running FIleZilla, but is very dangerous since the complete file system is compromised.

So how about it, what's your IP?   

[chase]

even though it's doubtful anyone would do that to my relatively small server, i switched to BPFTPD.  thanks for the info.

[Joe w.]

I use Bulletproof FTP and it has always worked great for me. It is much easier to set up than others i've tried.