Comments on: FTP Security Improvements: Read here how!

By: Nico

Nico — Sun, 29 Nov 2009 12:38:01 +0000

Can we move over and use SFTP instead? I’ve been getting hacked even though I changed my passwords. I think that FTP is too vulnerable with the password being sent in the clear.

By: Tiberiu

Tiberiu — Fri, 20 Nov 2009 04:16:19 +0000

Hello Mike,

You are correct, in part. The right netmask for a block of 32 IP addresses is 255.255.255.224. You also CAN NOT allow the range 76.162.254.100 – 76.162.254.255 in one line. You would need something like this:

76.162.254.100/255.255.255.252
76.162.254.104/255.255.255.248
76.162.254.112/255.255.255.240
76.162.254.128/255.255.255.128

Maybe this link can help you understand subnetting a little better: http://www.tech-faq.com/subnetting.shtml

Also, I will be correcting the post shortly.

By: Mike

Mike — Fri, 20 Nov 2009 02:47:18 +0000

I just spoke to IX web hosting tech support and they told me there is actually no way to allow a range other than using the method where the last number of the IP address is blank to allow the range from 0-255. So I hope you respond to this soon, Tiberiu. Because from where I’m sitting right now, it looks like either you don’t know what you’re talking about, or IX web hosting tech support doesn’t.

By: Mike

Mike — Fri, 20 Nov 2009 01:51:30 +0000

How would I allow IP addresses in the following range?

76.162.254.100 – 74.162.254.255

I thought I had it figured out, but was confused by the last example where for the allow range of:

212.35.128.64 – 212.35.128.95

you had:

ALL: 212.35.128.64/255.255.255.192

I thought the rule was to subtract the number from 255 that you wanted the range to be counted up from the first IP to the last IP listed. But in the last example, 255-192=63, and 64+63=127. So I thought the correct way to add that range would be:

ALL: 212.35.128.64/255.255.255.224

As I understood it, this would allow a count of 31 from x.x.x.64 to bring it up to x.x.x.95, since 255-224=31. Am I wrong or is this example wrong? And If I’m not grasping this, how did you come up with .192 to allow the range from .64 to .95?

By: Dinesh B.

Dinesh B. — Fri, 06 Nov 2009 04:58:18 +0000

Is there a solution yet for windows platforms? Our website was hacked again! Hacker inserted iframe code at the bottom of a few pages. FTP logs shows that it connected from 127.0.0.1, which is from WebShell. Could it be HTTP code injection? There is nothing in the HTTP logs.

By: Ishi

Ishi — Tue, 27 Oct 2009 08:48:23 +0000

This method is working but what to do wth dynamic ip,s as everytime my isp give me new ip so my ftp dont work on every computer restart or after i disconet and conect to net.

So what to do now to work my ftp everytime when i connect net ?
Should every time when i connect internet i have to get my ip then go to webshel and delete old ip and add new ?
If yes then this method is not good, plz give some premanent solution and also my isp dont tell me ip range.

By: Sean

Sean — Thu, 22 Oct 2009 20:15:47 +0000

Is there anything like this for Windows-based hosting solutions? I’d like to restrict access, or at least generate a log of invalid FTP login attempts.

By: johann

johann — Wed, 12 Aug 2009 21:21:37 +0000

@Mae,

Try saving the file with quotes around it and the extension. This should cause windows to accept it as is and not try to add an extension (which is usually helpful).

You can create the files directly with webshell and the editor in there will not try to force an extension on you.

By: Mae

Mae — Sun, 09 Aug 2009 19:49:18 +0000

What program do you use to create the http://ftp.allow and http://ftp.deny files? Wordpad? it puts a .txt extension on the file.
html software? it puts an html extension on the file.
please tell me how to create the files.
Thanks.

By: Tiberiu

Tiberiu — Thu, 30 Jul 2009 14:53:16 +0000

Darren: The problem with your account is it is on a windows server. Unfortunately the allow/deny of ftp access does not work on Windows servers.

By: Tiberiu

Tiberiu — Thu, 30 Jul 2009 14:46:30 +0000

Don, I will be more than happy to help you. Please open a ticket and put in the subject of the ticket “Attn Tibi”. I am very sure the ftp allow/deny combination of files works perfectly, we’ve tested it several times.

By: Don

Don — Thu, 30 Jul 2009 14:07:50 +0000

The http://ftp.allow/ link above does not work. I am having trouble determining how and where to place this file on my webshell.

Thank you

By: DarrenJ

DarrenJ — Sun, 26 Jul 2009 20:14:15 +0000

I’m just testing this. Created the http://ftp.allow and http://ftp.deny files. I thought I’d deny everything ALL: ALL and allow nothing (blank line). Then, when I can’t ftp I’ll know it works and can go into the WebShell and allow my IP Address.

Unfortunately, I can’t bloke myself at all. No matter what I do or where I put the files I can still ftp straight in.

Any chance of some help? Where am I going wrong?

thanks

Darren

By: Tiberiu

Tiberiu — Thu, 23 Jul 2009 13:22:34 +0000

Hello Juan,

I am pretty sure if you have the proper alow and deny files in your account that the “hacker” did not enter using ftp. The infection probably happened using a vulnerability in your site. Please open a ticket and I will go through the logs to see what i can find out for you (you can go through the logs too)

By: juan antonio meca

juan antonio meca — Thu, 23 Jul 2009 07:14:23 +0000

Hello: i install de 19/07 the files http://ftp.allow and http://ftp.deny whit only my dinamycs ip en allow and deny all.

And the 21/07 i have new malicious code in my webs type

Only two days of peace.

Are you sure, this a great thing? or what can i do? It affects only to mys domains o to other customer?

Regards.