Discussion topic: It's the server's fault!

[Bo Bruce]

the only question i have and was able to find one other post here on page 6 is ...

i have comcast as my provider and they allow me a personal web page, for each email addy.
and i have several with them.

my question is why would all but one of the connections work?

meaning, i can use the latest Fz and connect and have no problems, save - the PRIMARY location.
that is the only difference~ is it THE reason?

i am not a programmer, and honestly all the discussion using terms and identifying letters for programming is well beyond my understanding. thats one of the reasons i like Fz so much is because its so easy to use, and always has been.

i too feel that communicating with these big companies is difficult at best. when their 'experts' tell me its MY problem, or the software i'm using is the problem and then they disable my web pages in order to 'fix' them.. which they don't.

one other question please?
when it is said, 'security issue' for not working,.... is it for my PC? or the Server? or the connection between us?
maybe that's too simple a question, but i would like to have some light shed on that just so i can understand better, and possibly present my case to comcast with a little more intelligence.

thanks much!
and thanks for Fz!

[botg]

my question is why would all but one of the connections work?

Most likely because the server administrator is clueless.

[Bo Bruce]

ok.. we'll soon (?) find out!

i wrote and added in all the info about it being the server problem (which they have totally - ignorantly denied in the past) - lets see if the fear of being 'at risk' gets them to look deeper

thx

[botg]

Split unrelated post by eybex into new topic

[MarkMc33]

I have also been struggling with this problem for quite a while. The other day, I stumbled onto what's causing it, at least for my Solaris 10 FTP server. The ftp connection is good but the home directory for the user can't be listed. This doesn't happen for all users and the one's it is affecting work sometimes. This was occuring using either FileZilla or Windows Internet Explorer, versions 7 & 8. The odd thing is that from a command line FTP utility, everything works fine. Another oddity is that the user is logged in and is capable of viewing listings in parent directories where read access is granted.

I have an account on the server with quite a few files (280+) in my default directory and have experienced the same problem. On a hunch, I moved 10 files from my default directory into a sub directory called "FTP" and then set it as my default in /etc/passwd. When I connected with FileZilla, it worked, as well as Internet Explorer. When I put my default directory back to the folder with 280+ files, both failed again. The timeout problem is somehow related to the number of files in the user's default directory; possibly a delay in responding with the directory listing.

The person who originally reported the problem case had over 200 directory entries (files and folders) in their default directory. I split them into 5 sub directories such that they each contain less than 50 files. They can now connect and list files in all directories with either FTP client.

What I don't understand is why the number of files listed effects SSL/TLS closure as mentioned above. I have opened a problem ticket with Sun and will post the solution when I have it.

[MarkMc33]

I have resolved this issue on my Solaris 10 FTP server. Turned out my network interface card was not set up correctly. The network connection was running 100mb Full Duplex and my server was running 100mb Half duplex. This resulted in excessive transmission failures which probably appeared to IE and FileZilla as attempted hacks into the system. I corrected settings and turned Auto Negotiate off. I am no longer receiving errors and response time is much better.

[Ben12345]

So Filezilla client won't connect unless the server isn't vulnerable? Does this effect only SFTP connections, or also regular FTP connections? Also, does Filezilla 0.9.29 server have this vulnerability or not?

[Ben12345]

I notice in filezilla client I can get "Could not read from socket: ECONNRESET - Connection reset by peer"
when I use "kick" command from filezilla server. Is this normal?

[botg]

Very much so.

[boco]

Also, does Filezilla 0.9.29 server have this vulnerability or not?

Use the latest version 0.9.33, doesn't have this vulnerability.

[Ben12345]

Also, does Filezilla 0.9.29 server have this vulnerability or not?

Use the latest version 0.9.33, doesn't have this vulnerability.

I'm curious SPECIFICALLY if FileZilla 0.9.29 server has this vulnerability. I would tend to think not, given that the maker of Filezilla products cares so much about security. But I need to know about this EXACT version. Why? Well it came with the Xampp package (along with Apache webserver and a version of PHP and a version of MYSQL). I like this package because right away from the moment of installation, EVERYTHING is configured to work with everything else in the package. If I upgrade ANY of these components, it might break the way they all work together. Alternatively I could install the components up separately (web server, FTP server, PHP, MYSQL), but then they'd have to MANUALLY be configured to with each other. This level of manual configuration (I've tweaked some of the settings in FTP server for better performance, but NEVER a complete manual configuration of FTP server, HTTP server, PHP, MYSQL from step 1) would be SO technical in nature that it would take someone with a college degree in computer science to do it. Problem is I have no "tech support" person or "network administrator". I AM the "tech support" or "administrator". I run my own network, and do it as simple as possible because I have no training in this. Any experience I may have is not from professional training, but rather experimentation on my own. This is not NEARLY the level of experience needed to set up FTP server, HTTP server, PHP, and MYSQL; ALL MANUALLY FROM THE BEGINNING. Before I go running off to upgrade any of the components that come with Xampp, I need to be 100% sure that such an upgrade is really needed. I won't upgrade if the sureness is 99% or less. Do you see where I'm coming from now?

So with this in mind, please answer my question.
Again, my question is: Does Filezilla 0.9.29 server have this vulnerability or not?

Very much so.

Which of my questions was this a reply to?

[botg]

Again, my question is: Does Filezilla 0.9.29 server have this vulnerability or not?

Did you read the sticky?

[boco]

it came with the Xampp package

Well, do you know that we don't support the FileZilla server of XAMPP here? Not even if it is untouched, because we never know. The package is provided by Apachefriends and you have to ask for support there.

FileZilla Server >=0.9.27

Any FileZilla Server from this site with a version number of 0.9.27 or above does not have this vulnerability. I can't say anything about the XAMPP one.

[nitram]

I don't care if it's the server's fault. I can't force my hosting provider to change all their configurations, because they will not give a sh*t. I need a client that can be forced to be backward compatible.

Why being so facist about it? Put a happy innocent checkbox in the options dialog to force LIST commands instead of MLSD.

It's like if you got a new card from your bank that's useless in all ATMs at your zone.
You don't care about magnetic card specifications, you want to get things done, you want to get cash out of the damn machine!

Btw: For the people that's using an older FileZilla, which version works for you? Thanks.

-Martín

[botg]

This issue has been discussed to death already.

These servers are broken, they have a known security vulnerability. In this case compatibility will only be implemented over my cold, dead body.

Closing topic.