Updated To Version 3.10.0 Now Receiving Errors

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Locked
Message
Author
sava700
504 Command not implemented
Posts: 7
Joined: 2015-01-17 18:16

Re: Updated To Version 3.10.0 Now Receiving Errors

#166 Post by sava700 » 2015-02-25 00:51

botg wrote:Why doesn't the Caveman grunt at his server administrator to simply have the server fixed?
Well there is nothing wrong with the server and works fine regardless of what YOU feel is broken. I deal with a bunch of different server/hosting companies that do not support this new change so I don't have no choice but to stick to an older version of this software (which I'm considering no longer doing) or go to a different software that allows me to quickly connect do what i need to do and go on.

Caveman also knows how to use sticks to make fire, rather than experiment with two blocks of ice to do it.

gregnk

Re: Updated To Version 3.10.0 Now Receiving Errors

#167 Post by gregnk » 2015-02-25 02:21

sava700 wrote:Well there is nothing wrong with the server and works fine
without any type of encryption all data received and transferred (including passwords) can be seen with a bit of work. I don't get why some servers say that it supports FTP over TLS when it does not. THATS the problem, the server saying it has TLS support when it does not.

don2059
500 Command not understood
Posts: 2
Joined: 2015-02-25 19:42
First name: Don
Last name: Johnston

Re: Updated To Version 3.10.0 Now Receiving Errors

#168 Post by don2059 » 2015-02-25 19:51

I've been looking over this thread and I've got to say that the response from the Admin is the type of arrogant, narcissistic response that I would expect from Apple, Microsoft, etc. Basically, "There's nothing wrong with our app. The problem is yours."

Am I the only one that has to download software off of servers that I have absolutely no control over? Do you expect me to call my customer and tell them that I can't get the file that I'm supposed to be working on until they fix their server? And no, they haven't heard of this problem from their other contractors.

And if it's all about the servers, why does an older version still work?

Sheesh! :x

User avatar
botg
Site Admin
Posts: 31796
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Updated To Version 3.10.0 Now Receiving Errors

#169 Post by botg » 2015-02-25 20:12

As has been mentioned multiple times in this topic: You were not using FTP over TLS in the old version. If you were to use FTP over TLS in the old version with the same servers, you will get the same problem.

As has also been mentioned multiple times in this topic: If you, for whatever reason, cannot get the server fixed, you can still force plaintext FTP in the Site Manager if you don't mind the total lack of security.

don2059
500 Command not understood
Posts: 2
Joined: 2015-02-25 19:42
First name: Don
Last name: Johnston

Re: Updated To Version 3.10.0 Now Receiving Errors

#170 Post by don2059 » 2015-02-25 23:18

botg wrote:As has also been mentioned multiple times in this topic: If you, for whatever reason, cannot get the server fixed, you can still force plaintext FTP in the Site Manager if you don't mind the total lack of security.
Uh... no. That did not resolve the issue for me. The only way I was able to connect is by downgrading.

Rygel
503 Bad sequence of commands
Posts: 21
Joined: 2010-06-04 23:11

Re: SOLVED Updated To Version 3.10.0 Now Receiving Errors

#171 Post by Rygel » 2015-02-26 11:38

splice wrote:Solved this issue server-side. Maybe someone else mentioned this but I haven't read through all 10 pages of the thread. Filezilla stating 'a few servers may be improperly configured.' Well if by 'a few' they mean 'all commerical servers running WHM/cPanel', then yes.

The problem is simply that the proper ports arent being opened and defined by the FTP server and server firewall to allow for TLS in passive mode. Here is the super simple solution, this is for servers running pure-ftp and csf firewall, as most cPanel servers do. Of course, the server admin has to be the one to fix this.

1) Open ports in /etc/pure-ftpd.conf : uncomment the line { #PassivePortRange 30000 50000 }
2) Open ports in /etc/csf/csf.conf (or whatever firewall): add 30000:50000 to the TCP_IN line
3) TLS encryption can be left on 'optional' in the 'FTP server configuration' section of WHM
Very similar to what I explained back on January 15th at viewtopic.php?p=130695

The stance that hosts have their servers "incorrectly configured" or "broken" is, in addition to being somewhat smirky, flat-out WRONG.

There are plenty of hosts that users will run into this with because those hosts use strong security! I know, sounds unbelievable but it's true.

I've used and loved FileZilla for many years, but I have to say they have been quite rude about this to many users in many posts on here.

But hey, you can get away with that when your product is free and popular, right? So why be nice, right?

If this was a paid product you'd never see so many users (customers) getting treated so rudely.

Fellow Users - your host is not "broken" or "configured wrong" , except by FileZilla's decided new standards.

User avatar
botg
Site Admin
Posts: 31796
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Updated To Version 3.10.0 Now Receiving Errors

#172 Post by botg » 2015-02-26 17:52

If these hosts use strong security, why is doesn't secure FTP over TLS work with those hosts? Instead they force their users to use insecure FTP.

User avatar
boco
Contributor
Posts: 24270
Joined: 2006-05-01 03:28
Location: Germany

Re: Updated To Version 3.10.0 Now Receiving Errors

#173 Post by boco » 2015-02-26 20:52

Maybe they are also in the A/V software business?
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

sava700
504 Command not implemented
Posts: 7
Joined: 2015-01-17 18:16

Re: Updated To Version 3.10.0 Now Receiving Errors

#174 Post by sava700 » 2015-02-27 00:49

botg wrote: As has also been mentioned multiple times in this topic: If you, for whatever reason, cannot get the server fixed, you can still force plaintext FTP in the Site Manager if you don't mind the total lack of security.
That option isn't really an option> I'm not going to use it if I can't use Quickconnect and you can NOT set it up using SiteManager and have it a quick connect option. Now if you wish to make it apply in that manner on a follow up release along with the option to disable this newly forced upon change then great.

akbltma
500 Command not understood
Posts: 1
Joined: 2015-03-03 21:12
First name: AK
Last name: B

Re: Updated To Version 3.10.0 Now Receiving Errors

#175 Post by akbltma » 2015-03-03 21:24

Hi,

I've been unable to connect to my host/server since the update. When I tested the FTP online, it said it worked but there were some warnings. I've tried to configure all these different settings on actual FileZilla with no success, though. I keep getting different errors. I'll copy and paste the most common one.
I've disabled my firewall, set it to plain FTP, used 3 different networks, and I'm still unable to connect. Anyone have any ideas? HEre are the most common errors:

Connecting to probe.filezilla-project.org
Response: 220 FZ router and firewall tester ready
USER FileZilla
Response: 331 Give any password.
PASS 3.10.2
Response: 230 logged on.
Checking for correct external IP address
Retrieving external IP address from http://ip.filezilla-project.org/ip.php
Checking for correct external IP address
IP 24.6.165.72 ce-g-bgf-hc
Response: 200 OK
PREP 52272
Response: 200 Using port 52272, data token 2029289260
PORT 24,6,165,72,204,48
Response: 200 PORT command successful
LIST
Response: 150 opening data connection
Response: 503 Failure of data connection.
Server sent unexpected reply.
Connection closed

-----

Connecting to probe.filezilla-project.org
Response: 220 FZ router and firewall tester ready
USER FileZilla
Response: 331 Give any password.
PASS 3.10.1.1
Response: 230 logged on.
Checking for correct external IP address
You appear to be using an IPv6-only host. This wizard does not support this environment.
Connection closed

-----

Status: Resolving address of ftp.capitaliq.com
Status: Connecting to 209.11.218.41:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of ftp.capitaliq.com
Status: Connecting to 209.11.218.41:21...
Status: Connection established, waiting for welcome message...
Response: 220 Welcome to Capital IQ, Inc.'s FTP Site (ELE)...
Command: AUTH TLS
Response: 234 AUTH command OK. Initializing SSL connection.
Status: Initializing TLS...
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server

pendragon
500 Command not understood
Posts: 2
Joined: 2015-03-04 12:18
First name: Tony
Last name: Corbett

Re: Updated To Version 3.10.0 Now Receiving Errors

#176 Post by pendragon » 2015-03-04 12:30

botg wrote:If these hosts use strong security, why is doesn't secure FTP over TLS work with those hosts? Instead they force their users to use insecure FTP.
I find it interesting that you would say this, Since I get the following at the test you suggested in another post

Code: Select all

Your server is working and assorted routers/firewalls have been correctly configured for explicit FTP over TLS as performed by this test.
So as you can see I do infact have my servers setup to correctly use ftp over TLS
When using FileZilla 3.9.0.6 I can connect using explicit ftp/ssl

However as soon as anyone does an update to 3.10 we get a failure

Code: Select all

Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 3 of 50 allowed.
Response:	220-Local time is now 07:07. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	AUTH TLS
Response:	234 AUTH TLS OK.
Status:	Initializing TLS...
Error:	Received TLS alert from the server: Handshake failed (40)
Error:	Could not connect to server
Here is response from 3.9.0.6

Code: Select all

Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 1 of 50 allowed.
Response:	220-Local time is now 07:27. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	AUTH TLS
Response:	234 AUTH TLS OK.
Status:	Initializing TLS...
Status:	Verifying certificate...
Command:	USER XXXX
Status:	TLS/SSL connection established.
Response:	331 User XXXX OK. Password required
Command:	PASS XXXX
Response:	230 OK. Current restricted directory is /
Command:	SYST
Response:	215 UNIX Type: L8
Command:	FEAT
Response:	211-Extensions supported:
Response:	 EPRT
Response:	 IDLE
Response:	 MDTM
Response:	 SIZE
Response:	 MFMT
Response:	 REST STREAM
Response:	 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:	 MLSD
Response:	 AUTH TLS
Response:	 PBSZ
Response:	 PROT
Response:	 TVFS
Response:	 ESTA
Response:	 PASV
Response:	 EPSV
Response:	 SPSV
Response:	 ESTP
Response:	211 End.
Status:	Server does not support non-ASCII characters.
Command:	PBSZ 0
Response:	200 PBSZ=0
Command:	PROT P
Response:	200 Data protection level set to "private"
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Command:	TYPE I
Response:	200 TYPE is now 8-bit binary
Command:	PASV
Response:	227 Entering Passive Mode (XXXXXXXX)
Command:	MLSD
Response:	150 Accepted data connection
Response:	226-Options: -a -l 
Response:	226 44 matches total
Status:	Directory listing successful
So please rather than tell me and everyone else that I do not have it setup correct, hows about FIXING IT.

pendragon
500 Command not understood
Posts: 2
Joined: 2015-03-04 12:18
First name: Tony
Last name: Corbett

Re: Updated To Version 3.10.0 Now Receiving Errors

#177 Post by pendragon » 2015-03-04 12:53

botg wrote:As has been mentioned multiple times in this topic: You were not using FTP over TLS in the old version. If you were to use FTP over TLS in the old version with the same servers, you will get the same problem.
I have to disagree with you here,
I know for a fact that my servers are configured correctly,
( Passed the Little test that was pointed to in another thread )

this is from 3.9.0.6

Code: Select all

Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 1 of 50 allowed.
Response:	220-Local time is now 07:41. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	AUTH TLS
Response:	234 AUTH TLS OK.
Status:	Initializing TLS...
Status:	Verifying certificate...
Command:	USER XXXXX
Status:	TLS/SSL connection established.
Response:	331 User XXXXXXX OK. Password required
Response:	230 OK. Current restricted directory is /
Status:	Server does not support non-ASCII characters.
Command:	PBSZ 0
Response:	200 PBSZ=0
Command:	PROT P
Response:	200 Data protection level set to "private"
Status:	Connected
Status:	Starting download of /public_html/.htaccessbak
Command:	CWD /public_html
Response:	250 OK. Current directory is /public_html
Command:	PWD
Response:	257 "/public_html" is your current location
Command:	TYPE A
Response:	200 TYPE is now ASCII
Command:	PASV
Response:	227 Entering Passive Mode (xxxxxxxx)
Command:	RETR .htaccessbak
Response:	150 Accepted data connection
Response:	226-File successfully transferred
Response:	226 0.008 seconds (measured here), 29.97 Kbytes per second
Status:	File transfer successful, transferred 246 bytes in 1 second
Is that NOT showing a Complete Connection?

Here is from server logs

Code: Select all

Mar  4 07:27:08 server11 pure-ftpd: (?@xxx.xx.xxx.xxx) [INFO] XXXXXXXX is now logged in
Mar  4 07:27:09 server11 pure-ftpd: (XXXXXXXX@xxx.xx.xxx.xxx) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with RC4-SHA, 128 secret bits cipher
Mar  4 07:34:43 server11 pure-ftpd: (XXXXXXXX@xxx.xx.xxx.xxx) [INFO] Logout.
Mar  4 07:41:13 server11 pure-ftpd: (?@xxx.xx.xxx.xxx) [INFO] XXXXXXXX is now logged in
Mar  4 07:41:13 server11 pure-ftpd: (XXXXXXXX@xxx.xx.xxx.xxx) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with RC4-SHA, 128 secret bits cipher
Mar  4 07:46:06 server11 pure-ftpd: (XXXXXXXX@xxx.xx.xxx.xxx) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with RC4-SHA, 128 secret bits cipher
Mar  4 07:46:28 server11 pure-ftpd: (?@xxx.xx.xxx.xxx) [INFO] XXXXXXXX is now logged in
Mar  4 07:46:28 server11 pure-ftpd: (XXXXXXXX@xxx.xx.xxx.xxx) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with RC4-SHA, 128 secret bits cipher
Mar  4 07:46:28 server11 pure-ftpd: (XXXXXXXX@xxx.xx.xxx.xxx) [NOTICE] /home/XXXXXXXX//public_html/.htaccessbak downloaded  (246 bytes, 29.97KB/sec)
Mar  4 07:47:28 server11 pure-ftpd: (XXXXXXXX@xxx.xx.xxx.xxx) [INFO] Logout.
Sure as heck looks like a good connection to me

Same attempt on 3.10.1.1

Code: Select all

Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 4 of 50 allowed.
Response:	220-Local time is now 07:50. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	AUTH TLS
Response:	234 AUTH TLS OK.
Status:	Initializing TLS...
Error:	Received TLS alert from the server: Handshake failed (40)
Error:	Could not connect to server
Interesting, its the EXACT same account with the exact same settings, the exact same firewall ( running both side by side on same PC )

3.9 connects 3.10 breaks and you want to tell me that my server is configured wrong and that in older versions I was NOT using secure connections....

it is now time to Call Bull and the Log entries prove it

User avatar
boco
Contributor
Posts: 24270
Joined: 2006-05-01 03:28
Location: Germany

Re: Updated To Version 3.10.0 Now Receiving Errors

#178 Post by boco » 2015-03-04 15:43

RC4-SHA
The insecure RC4 is disabled since 3.10.1-rc1. If your server doesn't support (or isn't configured to support) stronger ciphers, I can see why you can't connect.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 31796
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Updated To Version 3.10.0 Now Receiving Errors

#179 Post by botg » 2015-03-04 19:13

RC4 is insecure and MUST NOT be used. See RFC 7465 for reference. FileZilla implements RFC 7465.
I get the following at the test you suggested in another post

Code: Select all

Your server is working and assorted routers/firewalls have been correctly configured for explicit FTP over TLS as performed by this test.
Thank you for bringing this to my attention. I've updated the test site to no longer use RC4, so that it too will now fail on your server.

Marti42
500 Command not understood
Posts: 5
Joined: 2015-03-05 07:31
First name: Martina
Last name: Zeitler

Re: Updated To Version 3.10.0 Now Receiving Errors

#180 Post by Marti42 » 2015-03-06 02:27

First, please be patient with my ignorance, but I am trying my best to learn. Unfortunately, I feel that I'm currently below sea level. :shock:

I too am getting the problem expressed earlier in this thread. Below is a copy and paste of what happens when I try to connect to my newly self hosted Wordpress site with BueHost

Status: Resolving address of ftp.justoutsidetheboxcartoon.com
Status: Connecting to 50.87.248.127:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Server does not support non-ASCII characters.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (50,87,248,127,26,24)
Command: MLSD
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing


Going through this thread, I can see this comment appearing frequently
"If you don't mind the total lack of security, you can always force use of plain FTP in the Site Manager."
However, I don't know how to 'force use of plain FTP in the site manager'. I assume I need to log into my BlueHost cPanel and change a setting?

Marti

Locked