Starting with Internet Explorer 7 from Microsoft, certain “security” settings were put into place to protect Microsoft Windows users from being able to view certain types of documents stored on a FTP Server. These document types include .DOC, .XLS, .DOCX, .PDF, .DWG, etc…
The interesting thing is that when using IE7 as an FTP Client to download these types of files from BulletProof FTP Server (or any FTP Server), the file will download correctly and will be stored in the user’s temporary directory on the local-os, then; prior, to executing the application which is associated with the document type, some other Microsoft process makes a security-determination on the file and decides to delete the file or not (without prompting the OS-User). This results in an error message to the User, indicating that the file could not be downloaded.
While Microsoft’s Documentation and instructions on implementing the fix is correct, the Windows Registry Key for the fix is INCORRECT. In addition, Windows XP SP3 DOES NOT include a working HOTFIX (as they state).
You might have seen it before, tons and tons of login attempts as random users in your installation of BPFTP Server.
This is the result of a brute-force attack against the FTP Server and results in thousands of login-attempts to the ftp-server using common user-name and either default or dictionary based passwords.
The attacker is usually using several computers, from different points in the world against thousands and thousands of computers on the internet. Once a common tcp/ip port (like ftp’s port 21) is identified, it enters a mode of attack in which a connection is made to the ftp-server and the brute-force attack begins.
In order to combat these types of attacks, we’ve included a feature call Kick + BAN. Turning on this feature (off by default) will automatically detect these types of attacks and help to thrawt the attack by severing the control-connection and adding the attacker’s IP to the banned-ip-list, keeping them from ever connecting again.
The setting can be found by pulling down the menu Setup -> Main -> General and clicking on Options found in the left panel, then look for the checkbox labeled Limit USER / PASS.
We recommend setting the number of attempts to 5 and set the Kick + BAN.
Please Note: The Kick + BAN feature works against common brute-force attacks, where the attacker opens the control-connection and leaves it open for each login attempt made. This is a common method as the amount of time it takes to establish a tcp/ip connection for each attempt is considerably lengthy and would drastically reduce the effectiveness of a brute-force attack if a new connection needed to be made each time.
Starting sometime last weekend, McAfee updated their virus definitions and is now erroneously identifying our software as containing a virus. We are working with McAfee to get this fixed and we’re hoping to get it resolved ASAP!
As of today, Sep 10, 2008, McAfee has been very responsive and resolved the issue with their latest Virus DAT 5380. If you are experiencing a problem, make sure your Anti-Virus is update to date.
The problem seems to manifest itself in two different ways:
1) BPFTPSERVER.EXE is our main executable and in Virus Definition DAT 5379, the file is being misidentified as “potentiallyFalse Trojan“. As of today, Sep 9 2008, we received word back from McAfee that this has been corrected with Virus Definition DAT 5380.
2) BPFTPSERVER-SERVICE.EXE is the executable which manages BPFTP Server while it’s running as a Windows Service. In the current virus definition DAT 5379, this is being misidentified as “G6SERVICE Potentially Unwanted Program”. While we’re not sure why it got labeled as a “potentially unwanted program”, the G6SERVICE piece is because it shares a majority of code with an ancestor of BPFTP Server called G6FTP Server, which was rebranded about 6 years ago. As of today, Sep 10, we’ve configirmed that Virus Definition DAT 5380 fixes the problem.
FIXING THE CORRUPTION CAUSED BY MCAFEE ANTI-VIRUS
Again, we are working with McAfee to get this corrected as soon as possible as it certainly affects us all very much. Please continue to make sure your virus definitions are up-to-date with McAfee, alternatively you can tell it to ignore the installation directory for the software and prevent this problem from ocurring.
If McAfee Anti-Virus has already deleted these files, they can be resurrected by downloading/installing the current version from our website. Before installing the current version, please copy the *.INI files from your installation directory to a safe location and install in the same directory. This will help to ensure that everything goes smoothly with your upgrade.
Today, we published additional information on the types of barcodes (symbologies) supported by both Label Magic and Barcode Magic. With Label Magic, these barcodes are available to label-definitions; for Barcode Magic, the barcodes are available for generation and export into your favorite Windows application (Adobe PageMaker, Microsoft Word, Adobe Illustrator, Microsoft Excel, etc).
The supported barcode types include:
UPC-A and UPC-E
Code 3 of 9 (normal, check-digit and extended)
EAN-8 and EAN-13
GS1-128 and EAN-128
Interleaved 2 of 5
Next, you’ll want to create a batch-file with the following lines (save this to your “bin” directory as “event-fileuploaded.cmd”:
echo %DATE% %TIME% – File Uploaded [%1] for %2 bytes >> c:\ftp\motd.txt
Thirdly, you’ll need to connect this batch-file to the “OnFileUpload” event under the “Events Manager” in BPFTP Server (Ctrl-E). Scroll down until you see the event, then Check-ON the option “Execute” and put in the following command-line:
c:\ftp\bin\event-fileuploaded.cmd %FILE %FILESIZE
Lastly, you need to edit the user which can see the MOTD in “User Accounts” (Ctrl-U) and click on the ftp-user and then “Links & Messages”, Check-ON the “Show Login Message” and type in “c:\ftp\motd.txt” for the file to display.
That’s it! You can test this by logging into the ftp-server, upload a file and then log-in again to see the MOTD!
Using this tool, you can instruct our website to perform a test connection back to your computer running BulletProof FTP Server for Windows.
Starting with Windows XP Service Pack 2, software-based firewalls have become a standard feature to help protect your computer from hackers on the internet.
Going a step further, if your computer is connected to a DSL/Cable modem or Wi-Fi, your computer has been further protected with a more-secure and robust hardware-based firewall. But with this additional protection, comes the need for you to be knowledgable enough to configure these devices to allow BulletProof FTP Server for Windows to be accessible from outside your firewall.
This tool will allow you to test port-forwarding rules setup on your firewall for both the control and data connections and will aid in the determination of your passive (PASV) or port (PORT) mode support.