Re: Updated To Version 3.10.0 Now Receiving Errors
Posted: 2015-01-28 15:36
The setting is under the Encryption Dropdown in the Site Manager. QuickConnect can't be forced to Plain FTP.
Welcome to the official discussion forums for FileZilla
https://forum.filezilla-project.org/
https://forum.filezilla-project.org/viewtopic.php?f=2&t=34842
Sure, I'll tell the roomful of admins who support dozens of servers for a 50,000-employee company that they need to change their working configs in order to support an unannounced change in the latest version of freeware.boco wrote:Sorry, but that's nary a fix. A proper fix would involve configuring the server in such a way that
- either it properly supports FTP over TLS as it announces,
- or it should neither announce TLS nor support the AUTH command.
How to stop FileZilla Automatic Update and Prompt WindowChronicler wrote:I’ve reverted to 3.9.0.6 while waiting for my Web host to deal with the server. In the meantime, is there a way to get rid of the update window that pops up each time I open FileZilla?botg wrote:FileZilla now automatically uses FTP over TLS if the server accepts it. Unfortunately there are a few badly configured servers out there. These servers need to be fixed.
Sure, I'll tell the roomful of admins who support dozens of servers for a 50,000-employee company that they need to change their working configs
Your reason is too specific. You do this in order to support each and every FTP over TLS client on this planet.in order to support an unannounced change in the latest version of freeware.
Pink, with a hint of rainbow. I think it's going to rain unicorns again tonight. Going to be messy...malbuff wrote:What color is the sky in your world, anyway?
Fatbat wrote:Typical pretentious programmers/IT people. You're better than everyone else. Nobody else knows what they are talking about. Everyone else is inept. Seriously, give it a rest. Rackspace has close to 6,000 employees and data centers in four countries. Liquidweb is highly resepcted and has three of its own data centers in Michigan and one in Arizona. Softlayer is owned by IBM, again with multiple data centers in Texas and elsewhere. These guys aren't some fly by night resellers that don't know what they are talking about. My Liquidweb server has been tested and works, but the Filezilla update doesn't work for me locally. Why is that?botg wrote:My guess is that they all use some off-the-shelf enterprise hosting platform, with a different skin to make it look like their own. Most of them probably are just resellers anyhow.xeon wrote:I actually wouldn't be surprised at all. I know for a fact that most of the hosting companies you've listed are inept. In fact, most hosting companies in existence are inept at what they do.
You also have to take into account that most hosting companies use outdated Linux distributions like RHEL/CentOS. Very rarely does RedHat backport any meaningful bug or security fixes, they fail just as much as the hosting companies using them.
Who thought it would be a good idea to change your default FTP protocol to something that wouldn't work on 99% of the world's servers and/or default settings that won't work for anyone out of the box locally? That would be inept.
You're confusing opinion with fact. It is fact that these servers or their firewalls aren't correctly configured for FTP over TLS. It is something that can only be fixed server-side.There is nothing worse than a stubborn programmer thinking "this is my opinion, therefore, I rule the world" and one that won't listen to his customers and users of the actual product.
Is there any way that a future update could include an option in the general settings to allow Plain FTP throughout the application? QuickConnect is the easiest way to reach multiple sites and an all encompassing setting to force Plain FTP could help stem the flow of complaints and attempted wit in these responses.boco wrote:The setting is under the Encryption Dropdown in the Site Manager. QuickConnect can't be forced to Plain FTP.
Just because you're paranoid doesn't mean they aren't after you.tiikeri wrote:I am paranoid. I know, I should talk with an analyst, but my paranoid world is populated by bad hackers, and I saw big and small (estimated or not) Companies with sites and server misconfigured or outdated.
It's a move towards security by default. It shouldn't be possible to accidentally use an insecure protocol.splice wrote:That being said, it would be nice if Quick Connect could also be told to use plain FTP. Why only in site manager is beyond me. I think most of the general audience probably uses only Quick Connect.
Underestimated indeed, we are talking a significant market share of all commercial web hosting companies here. The default settings with the most recent updates on WHM/cPanel are improperly configured for TLS, resulting in this problem. It's easy to say 'well everyone needs to man up and fix this', and they certainly should for security reasons, but we are talking millions and millions of hosting accounts here. This issue needs to be submitted to the cPanel/WHM and CSF staff to definitively resolve the issue, along with any other affected hosting platforms.Ideally not even the option in the Site Manager would be needed if all servers were properly configured. I underestimated the amount of broken or badly configured servers though.
Actually it's the opposite, it's a very time-consuming and tedious task.splice wrote:It's easy to say 'well everyone needs to man up and fix this
FileZilla does not require FTP over TLS. If the server says it supports FTP over TLS, then it is used though. Were the server to reject the AUTH command, plain FTP would still be used just like in old versions.The reality is that many competing FTP products do not require TLS by default and Filezilla stands to lose a significant market share due to this issue.
I have planned such a feature, in a future version a message like this will appear if the server rejects the AUTH command.Here is my suggestion. Code the program to display a pop-up box when this problem is encountered that says "Unfortunately the server you are trying to connnect to is misconfigured and does not support secure FTP over TLS. Would you like to proceed as plain FTP?"
Understood. What I should say is that many popular FTP clients dont connect using TLS by default. Nobody can fault you for wanting to improve security by defaulting this to on of course, but here is this huge problem.FileZilla does not require FTP over TLS. If the server says it supports FTP over TLS, then it is used though. Were the server to reject the AUTH command, plain FTP would still be used just like in old versions.