> Really, many many thanks filezilla...
You're welcome.
Discussion topic: It's the server's fault!
Moderator: Project members
Re: Discussion topic: It's the server's fault!
Re: Discussion topic: It's the server's fault!
ProFTPD 3.1.2rc2 is out.
-
- 226 Transfer OK
- Posts: 619
- Joined: 2005-11-02 06:41
Re: Discussion topic: It's the server's fault!
nicofr wrote:
> Thanks Filezilla !!!
> All my customers who have upgraded their release of filezilla are now completely blocked ! My FTP server is a production server and I can not upgrade it for the moment.
> Really, many many thanks filezilla...
Your production server has an outstanding security flaw.
-
- 500 Command not understood
- Posts: 1
- Joined: 2008-09-23 19:50
Re: Discussion topic: It's the server's fault!
This is really amazing. I've worked in IT/IS for over 10 years now, and whenever possible recommend open source solutions. The same question comes up every time - what happens if something goes wrong? How do we get it fixed? Not to worry, I say! Open source developers are always quick to find a solution to any problem! Apparently I was wrong. Not only is a solution not forthcoming, the snippy and infantile responses make me have serious doubts about this product.
So what do I do now? Well, let's go over the options presented:
1) Make my "host" fix their ftp server - My host is a unique financial services company that deals with financial services, not technology services. They have an ftp server. It works for everyone else. Taking my business elsewhere is not really an option. It's not a matter of switching ISP's. You do realize there are servers out there that are not hosted by ISP's, right?
2) Fork the code and fix it myself - Easier to find a different client.
3) Use an earlier version - I suppose that's possible. I guess I would need to compare the features of the earlier version to the features of other ftp clients as well as consider all the other new features that client x may be considering, since it appears I'll never be able to use FileZilla to conduct business.
4) Pick a different client - This really seems to make the most sense.
I imagine the response will be something along the lines of "fine, I don't need you anyway," which is true. I don't need you either. My recommendation to others living in the real world and experiencing this problem would be to find another solution.
Re: Discussion topic: It's the server's fault!
But even that company MUST have an administrator maintaining the server. I think they will be very interested to learn that their server has a security problem. Any attack could affect their business, so they will most likely look into the problem and try to fix it. Or at least I hope so.
Setting up an FTP server and not updating/maintaining it is ignorant at best; such an administrator should be fired immediately.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 2
- Joined: 2008-09-10 15:14
- First name: Daniel
- Last name: Rose
Re: Discussion topic: It's the server's fault!
boco wrote:
> But even that company MUST have an administrator maintaining the server. I think they will be very interested to learn that their server has a security problem. Any attack could affect their business, so they will most likely look into the problem and try to fix it.
Would anyone know how to contact the administrator of the AT&T Worldnet Personal Web Page servers at upload.att.net? Worldnet has stopped both its E-mail and help-newsgroup support. FileZilla was the only still free program I could find that provided the explicit TLS connections these servers needed. For now, I am using version 3.0.11.1.
Thank you.
-
- 226 Transfer OK
- Posts: 619
- Joined: 2005-11-02 06:41
Re: Discussion topic: It's the server's fault!
Try the number on your service bill.
-
- 500 Command not understood
- Posts: 1
- Joined: 2008-02-27 17:09
- First name: Philipp
- Last name: Rosenberger
Re: Discussion topic: It's the server's fault!
Hi,
For users of proftpd, you can find the patch for 1.3.1 here: http://bugs.proftpd.org/attachment.cgi? ... ction=view
I found it on the proftpd bugzilla here: http://bugs.proftpd.org/show_bug.cgi?id=3094
If your distributor does not include this patch you can patch it yourself or send them those links, then it would be easy to fix it for them.
I tested this patch here on my gentoo box with proftpd-1.3.1 and it works well.
kind regards,
iluminat23
-
- 500 Command not understood
- Posts: 1
- Joined: 2008-08-22 14:56
- First name: Jeff
- Last name: Lock
Re: Discussion topic: It's the server's fault!
ECONNABORTED error appears on versions 3.0.13 not 3.0.11
I tested this 20 minutes ago on 3.0.11 and my files appear, upgraded to 3.0.13 with the same settings and received:
Command: LIST
Response: 125 List started OK
Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
Response: 250 List completed successfully.
Error: Failed to retrieve directory listing
I have noticed this since version 3.0.12 came out.
Re: Discussion topic: It's the server's fault!
You sir, have a broken server! You have to upgrade to a better one.
-
- 500 Command not understood
- Posts: 3
- Joined: 2008-09-28 13:51
- First name: Hover
- Last name: Down
Re: Discussion topic: It's the server's fault!
I have a few sites, running on different servers, with the same web host. I've hit this ECONNABORTED - Connection aborted snafu on some, while others seem fine. Running v3.1.3.
Here's a debug listing of 1.) successful FTPS transaction; 2.) failed FTPS transaction:
( '<------------' indicates where differences begin)
SUCCESSFUL
08:36:55 Status: Disconnected from server
08:36:55 Trace: CFtpControlSocket::ResetOperation(66)
08:36:55 Trace: CControlSocket::ResetOperation(66)
08:36:55 Status: Resolving address of ftp.anothersite.com
08:36:56 Status: Connecting to xxx.xxx.232.2:990...
08:36:56 Status: Connection established, initializing TLS...
08:36:56 Trace: CTlsSocket::Handshake()
08:36:56 Trace: CTlsSocket::Handshake()
08:36:56 Trace: CTlsSocket::Handshake()
08:36:56 Trace: CTlsSocket::Handshake()
08:36:56 Trace: Handshake successful
08:36:56 Trace: Cipher: AES-128-CBC, MAC: SHA1
08:36:56 Status: Verifying certificate...
08:36:56 Trace: CFtpControlSocket::SendNextCommand()
08:36:56 Status: TLS/SSL connection established, waiting for welcome message...
08:36:56 Trace: CFtpControlSocket::OnReceive()
08:36:56 Response: 220 SurgeFTP xxx.xxx.232.2 (Version 2.3a3)
08:36:56 Trace: CFtpControlSocket::SendNextCommand()
08:36:56 Command: USER myusername
08:36:56 Trace: CFtpControlSocket::OnReceive()
08:36:56 Response: 331 Password required for myusername.
08:36:56 Trace: CFtpControlSocket::SendNextCommand()
08:36:56 Command: PASS **********
08:36:56 Trace: CFtpControlSocket::OnReceive()
08:36:56 Response: 230 User myusername logged in.
08:36:56 Trace: CFtpControlSocket::SendNextCommand()
08:36:56 Command: PBSZ 0
08:36:57 Trace: CFtpControlSocket::OnReceive()
08:36:57 Response: 200 Great whatever you say
08:36:57 Trace: CFtpControlSocket::SendNextCommand()
08:36:57 Command: PROT P
08:36:57 Trace: CFtpControlSocket::OnReceive()
08:36:57 Response: 200 Data channel will be encrypted
08:36:57 Status: Connected
08:36:57 Trace: CFtpControlSocket::ResetOperation(0)
08:36:57 Trace: CControlSocket::ResetOperation(0)
08:36:57 Status: Retrieving directory listing...
08:36:57 Trace: CFtpControlSocket::SendNextCommand()
08:36:57 Trace: CFtpControlSocket::ChangeDirSend()
08:36:57 Command: PWD
08:36:57 Trace: CFtpControlSocket::OnReceive()
08:36:57 Response: 257 "\" is current directory.
08:36:57 Trace: CFtpControlSocket::ResetOperation(0)
08:36:57 Trace: CControlSocket::ResetOperation(0)
08:36:57 Trace: CFtpControlSocket::ParseSubcommandResult(0)
08:36:57 Trace: CFtpControlSocket::ListSubcommandResult() <------------
08:36:57 Trace: CFtpControlSocket::ResetOperation(0)
08:36:57 Trace: CControlSocket::ResetOperation(0)
08:36:57 Status: Directory listing successful
FAILED
08:37:56 Status: Disconnected from server
08:37:56 Trace: CFtpControlSocket::ResetOperation(66)
08:37:56 Trace: CControlSocket::ResetOperation(66)
08:37:56 Status: Resolving address of ftp.example.com
08:37:56 Status: Connecting to xxx.xxx.83:990...
08:37:56 Status: Connection established, initializing TLS...
08:37:56 Trace: CTlsSocket::Handshake()
08:37:56 Trace: CTlsSocket::Handshake()
08:37:56 Trace: CTlsSocket::Handshake()
08:37:56 Trace: CTlsSocket::Handshake()
08:37:56 Trace: Handshake successful
08:37:56 Trace: Cipher: AES-128-CBC, MAC: SHA1
08:37:56 Status: Verifying certificate...
08:37:56 Trace: CFtpControlSocket::SendNextCommand()
08:37:57 Status: TLS/SSL connection established, waiting for welcome message...
08:37:57 Trace: CFtpControlSocket::OnReceive()
08:37:57 Response: 220 SurgeFTP xxx.xxx.217.83 (Version 2.3a3)
08:37:57 Trace: CFtpControlSocket::SendNextCommand()
08:37:57 Command: USER myusername
08:37:57 Trace: CFtpControlSocket::OnReceive()
08:37:57 Response: 331 Password required for myusername.
08:37:57 Trace: CFtpControlSocket::SendNextCommand()
08:37:57 Command: PASS ***********
08:37:57 Trace: CFtpControlSocket::OnReceive()
08:37:57 Response: 230 User myusername logged in.
08:37:57 Trace: CFtpControlSocket::SendNextCommand()
08:37:57 Command: PBSZ 0
08:37:57 Trace: CFtpControlSocket::OnReceive()
08:37:57 Response: 200 Great whatever you say
08:37:57 Trace: CFtpControlSocket::SendNextCommand()
08:37:57 Command: PROT P
08:37:57 Trace: CFtpControlSocket::OnReceive()
08:37:57 Response: 200 Data channel will be encrypted
08:37:57 Status: Connected
08:37:57 Trace: CFtpControlSocket::ResetOperation(0)
08:37:57 Trace: CControlSocket::ResetOperation(0)
08:37:57 Status: Retrieving directory listing...
08:37:57 Trace: CFtpControlSocket::SendNextCommand()
08:37:57 Trace: CFtpControlSocket::ChangeDirSend()
08:37:57 Command: PWD
08:37:57 Trace: CFtpControlSocket::OnReceive()
08:37:57 Response: 257 "/" is current directory.
08:37:57 Trace: CFtpControlSocket::ResetOperation(0)
08:37:57 Trace: CControlSocket::ResetOperation(0)
08:37:57 Trace: CFtpControlSocket::ParseSubcommandResult(0)
08:37:57 Trace: CFtpControlSocket::ListSubcommandResult() <------------
08:37:57 Trace: CFtpControlSocket::SendNextCommand()
08:37:57 Trace: CFtpControlSocket::TransferSend()
08:37:57 Command: TYPE I
08:37:57 Trace: CFtpControlSocket::OnReceive()
08:37:57 Response: 200 Type set to I
08:37:57 Trace: CFtpControlSocket::TransferParseResponse()
08:37:57 Trace: CFtpControlSocket::SendNextCommand()
08:37:57 Trace: CFtpControlSocket::TransferSend()
08:37:57 Command: PASV
08:37:58 Trace: CFtpControlSocket::OnReceive()
08:37:58 Response: 227 Entering Passive Mode (xxx,xxx,217,83,82,22).
08:37:58 Trace: CFtpControlSocket::TransferParseResponse()
08:37:58 Trace: CFtpControlSocket::SendNextCommand()
08:37:58 Trace: CFtpControlSocket::TransferSend()
08:37:58 Command: LIST
08:37:58 Trace: CTransferSocket::OnConnect
08:37:58 Trace: CTlsSocket::Handshake()
08:37:58 Trace: CTlsSocket::Handshake()
08:37:58 Trace: CFtpControlSocket::OnReceive()
08:37:58 Response: 150 Opening BINARY connection for \
08:37:58 Trace: CFtpControlSocket::TransferParseResponse()
08:37:58 Trace: CFtpControlSocket::SendNextCommand()
08:37:58 Trace: CFtpControlSocket::TransferSend()
08:37:58 Trace: CTlsSocket::Handshake()
08:37:58 Trace: CTlsSocket::Handshake()
08:37:58 Trace: Handshake successful
08:37:58 Trace: Cipher: AES-128-CBC, MAC: SHA1
08:37:58 Trace: CTransferSocket::OnConnect
08:37:58 Listing: 11-21-03 10:34AM 11514 xxxxx.gif
08:37:58 Listing: 04-14-06 07:27PM <DIR> XXXXX
08:37:58 Listing: 03-30-04 05:38PM 1506257 xxxxx.JPG
08:37:58 Listing: 03-30-04 05:38PM 1504449 xxxxx.JPG
08:37:58 Listing: 03-30-04 05:38PM 1409854 xxxxx.JPG
08:37:58 Listing: 11-19-01 08:52PM 2639 xxxxx.asp
08:37:58 Listing: 05-11-01 07:36AM 240 xxxxx.ASP
08:37:58 Listing: 05-02-07 07:21AM 3109 xxxxx.asp
08:37:58 Listing: 01-26-02 05:52PM 34834 xxxxx.asp
08:37:58 Listing: 05-11-06 10:02AM 21432 xxxxx.asp
08:37:58 Listing: 09-29-06 01:19PM 21432 xxxxx.asp
08:37:58 Listing: 02-24-02 05:29PM 1051 xxxxx.ASPX
08:37:58 Listing: 03-31-04 07:55AM 2159 xxxxx.aspx
08:37:58 Listing: 05-21-04 07:28PM 71676 xxxxx.gif
08:37:58 Listing: 03-04-00 12:35PM 5413 xxxxx.gif
08:37:58 Listing: 09-04-01 01:05PM 1981 xxxxx.ASP
08:37:58 Listing: 06-26-02 05:37AM 3580 xxxxx.asp
08:37:58 Listing: 05-11-01 07:44AM 1778 xxxxx.ASP
08:37:58 Listing: 03-14-00 05:32PM 6481 xxxxx.gif
08:37:58 Listing: 04-14-06 07:31PM <DIR> XXXXX
08:37:58 Listing: 12-16-99 06:50AM 436 xxxxx.asp
08:37:58 Listing: 04-14-06 07:31PM <DIR> XXXXX
08:37:58 Listing: 07-17-08 10:21AM 1959 xxxxx.asp
08:37:58 Listing: 12-20-99 06:58PM 1057 xxxxx.asp
<snip - removed mucho listings>
08:37:59 Listing: 02-03-08 05:42AM 179 xxxxx.php
08:37:59 Trace: CTlsSocket::OnSocketEvent(): pending data, postponing close event
08:37:59 Trace: CFtpControlSocket::OnReceive()
08:37:59 Response: 226 Transfer complete.
08:37:59 Trace: CFtpControlSocket::TransferParseResponse()
08:37:59 Trace: CFtpControlSocket::SendNextCommand()
08:37:59 Trace: CFtpControlSocket::TransferSend()
08:37:59 Trace: CTlsSocket::OnSocketEvent(): pending data, postponing close event
08:37:59 Trace: CTlsSocket::OnSocketEvent(): pending data, postponing close event
08:37:59 Listing: 09-06-01 06:09AM 1159 xxxxx.asp
08:37:59 Listing: 12-15-99 01:15PM 2506 xxxxx.html
08:37:59 Listing: 07-30-01 10:17AM 55953 xxxxx.jpg
08:37:59 Listing: 09-06-01 06:11AM 272 xxxxx.txt
08:37:59 Listing: 12-19-99 04:59PM 117 xxxxx.txt
08:37:59 Listing: 09-17-08 12:38PM <DIR> xxxxx
08:37:59 Listing: 02-13-01 05:32PM 16023 xxxxx.cfm
08:37:59 Listing: 10-04-01 07:04PM 6315 xxxxx.gif
<snip - removed mucho listings>
08:37:59 Listing: 10-17-06 01:17PM 40368 xxxxx.gif
08:37:59 Trace: GnuTLS error -9: A TLS packet with unexpected length was received.
08:37:59 Status: Server did not properly shut down TLS connection
08:37:59 Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
08:37:59 Trace: CTransferSocket::TransferEnd(3)
08:37:59 Trace: CFtpControlSocket::TransferEnd()
08:37:59 Trace: CFtpControlSocket::ResetOperation(2)
08:37:59 Trace: CControlSocket::ResetOperation(2)
08:37:59 Trace: CFtpControlSocket::ParseSubcommandResult(2)
08:37:59 Trace: CFtpControlSocket::ListSubcommandResult()
08:37:59 Trace: CFtpControlSocket::ResetOperation(2)
08:37:59 Trace: CControlSocket::ResetOperation(2)
08:37:59 Error: Failed to retrieve directory listing
Hoping these may assist - somehow.
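An added example, not part of the original posts and not FileZilla code: it splits a debug log in the format posted above into sessions and flags those where the data channel ended without a proper TLS shutdown even though the control channel reported completion, so the affected server banners can be passed on to their administrators. The sample log is constructed (the host names and the `ExampleFTPd 1.0` banner are made up), and the names `triage`, `Session` and `servers_to_report` are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample in the FileZilla debug-log layout posted above.
SAMPLE_LOG = """\
08:36:55 Status: Resolving address of ftp.good.example
08:36:56 Response: 220 ExampleFTPd 1.0
08:36:57 Command: LIST
08:36:57 Response: 226 Transfer complete.
08:37:56 Status: Resolving address of ftp.bad.example
08:37:57 Response: 220 SurgeFTP xxx.xxx.217.83 (Version 2.3a3)
08:37:58 Command: LIST
08:37:58 Listing: 11-21-03 10:34AM 11514 a.gif
08:37:59 Response: 226 Transfer complete.
08:37:59 Listing: 10-17-06 01:17PM 40368 b.gif
08:37:59 Status: Server did not properly shut down TLS connection
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\s+(\w+):\s*(.*)$")
UNCLEAN = "Server did not properly shut down TLS connection"
TRANSFER_CMDS = {"LIST", "MLSD", "NLST", "RETR", "STOR"}

@dataclass
class Session:
    host: str
    banner: str = ""
    in_transfer: bool = False
    listing_lines: int = 0
    server_said_complete: bool = False  # 226/250 seen on the control channel
    unclean_tls_shutdown: bool = False  # data channel ended without TLS closure

    @property
    def verdict(self):
        if not self.unclean_tls_shutdown:
            return "ok"
        # A control-channel 226 does not prove the data stream arrived whole.
        return "end-of-data-unauthenticated" if self.server_said_complete else "transfer-aborted"

def triage(log_text):  # split a log into sessions and record how each transfer ended
    sessions, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skips "<snip ...>" and other non-log lines
        kind, text = m.groups()
        if kind == "Status" and text.startswith("Resolving address of "):
            cur = Session(host=text.rsplit(" ", 1)[1])
            sessions.append(cur)
        elif cur is None:
            continue
        elif kind == "Response" and text.startswith("220 ") and not cur.banner:
            cur.banner = text[4:]
        elif kind == "Command" and text.partition(" ")[0] in TRANSFER_CMDS:
            cur.in_transfer = True
        elif kind == "Response" and cur.in_transfer and text[:3] in ("226", "250"):
            cur.server_said_complete = True
        elif kind == "Listing":
            cur.listing_lines += 1
        elif kind == "Status" and text == UNCLEAN:
            cur.unclean_tls_shutdown = True
    return sessions

def servers_to_report(sessions):  # (host, banner) pairs with an unclean TLS shutdown
    return sorted({(s.host, s.banner) for s in sessions if s.unclean_tls_shutdown})
```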
Re: Discussion topic: It's the server's fault!
> Hoping these may assist - somehow.
YOU NEED TO UPGRADE TO A BETTER SERVER.
-
- 500 Command not understood
- Posts: 3
- Joined: 2008-09-28 13:51
- First name: Hover
- Last name: Down
Re: Discussion topic: It's the server's fault!
> YOU NEED TO UPGRADE TO A BETTER SERVER.
??
Your solution makes no sense and doesn't seem helpful.
Perhaps you meant YOUR FTP SERVER SOFTWARE (SurgeFTP in this case) needs adjusting or upgrading, but not needing an UPGRADE TO A BETTER SERVER!?!?
SurgeFTP
http://www.netwinsite.com/surgeftp/
So, what to do?? Adjust config, ditch this software in favor of something else, or .. BETTER SERVER?? Thanks,
-
- 226 Transfer OK
- Posts: 619
- Joined: 2005-11-02 06:41
Re: Discussion topic: It's the server's fault!
The software that runs a network service is called a daemon, a service, or a server. This is in addition to the physical hardware being called a server. Yes, same term with two meanings. Remarkably common in English. Context makes it obvious most of the time. Here, he means "upgrade your ftp daemon".
Send a bug report to SurgeFTP. Tell them the exact problem being caused. Give them links to this thread.
The issue here is that there are two RFCs that describe two distinct methods of closing the TLS connection depending on how the TLS connection was established. The first post in this thread has a nice quote from the ProFTPd developers list that describes the problem well. Many servers were doing it only one way. Vsftpd and ProFTPd had to be fixed. So did FileZilla Server. The fact that so many servers not related to FileZilla have issued updates suggests that botg's interpretation of the RFC spec here is the correct one. Otherwise, some developer would have successfully argued against it.
Re: Discussion topic: It's the server's fault!
Status: Server did not properly shut down TLS connection = Security flaw on the FTP server = The server needs to be fixed and upgraded.
botg cannot fix Filezilla Client because Filezilla Client is not broken. It's just strictly enforcing the RFC, which states the connection MUST be shut down properly by the server.