  1. Feb 15, 2021
    • Disable FTP Bounce (FXP) support by default · 883ea5b8
      Rob Swindell authored
      The Synchronet FTP server has (since 2001) disallowed PORT/EPRT/LPRT commands with a "reserved" port number (i.e. < 1024) as recommended by RFC2577 and when attempted, would log a "SUSPECTED FTP BOUNCE HACK ATTEMPT" in the data/hack.log file.
      
      However, as Karloch (HISPAMSX) pointed out recently, an FTP Bounce Attack to other TCP ports was still possible (and detected/reported by some security scans as a potential vulnerability).
      
      So, reject all PORT/EPRT/LPRT commands that specify an IP address other than that used for the control TCP connection unless the sysop specifically enables the new "ALLOW_BOUNCE" option flag (in the [ftp] section of sbbs.ini) and the user is an authenticated non-guest/anonymous user. And as before, log the attempt as a suspected hack attempt.
      
      This change also removes the "Directory File Access" checkbox from the Synchronet Control Panel for Windows as that feature is "going away" soon (or at least, it won't be an FTP-specific option/feature if it remains).
      883ea5b8
  2. Dec 30, 2020
  3. Dec 22, 2020
    • Remove dynamic HTML index support from FTP server · 22e8d2e3
      Rob Swindell authored
      The days of browsers rendering HTML served-up via FTP are over, so remove this feature. This also removes all JavaScript support from the FTP server and that is a bit odd as it was one of the first Synchronet components for which I added JS support.
      
      Removing this feature was pretty painless; much easier than adding it was. The main motivation was less cruft to port to the file base in the works. There should be no more references to 00index.html anywhere at this point. Bye bye cool feature, we'll miss you.
      22e8d2e3
  4. Aug 16, 2020
  5. May 27, 2016
    • Server listening interfaces can now be configured again using the various · 25ccb605
      rswindell authored
      - "Configure" menus (not working since the IPv6 commit) - both IPv4 and IPv6
         addresses may be specified (comma-separated), or multiple IPv4 addresses!
      - Added new "Temp Ban" settings to Properties->Security tab.
      - Added context (tab) sensitive "Help" button to Properties page
        (links to section on relevant wiki page).
      - Every log window has a new right-click pop-up menu with 2 options:
        1. Copy Selected
        2. Copy All
        Hopefully it's obvious what these menu options do. :-)
      25ccb605
  6. Aug 20, 2015
    • Update to 3.17a · dbbfabf1
      deuce authored
      New Features:
      - Multiple bindings for each service
        Use comma-separated interfaces on Interface= lines in the ini file.
        Default is now "0.0.0.0,::"
      - IPv6 support
      - TLS support for the webserver and (non-static) services
        New TLS option in services.ini (ie: Options=TLS)
      - Decrease LEN_SCAN_CMD to 35 chars, increase the CID field to 45 chars,
        and rename the MAIL_CMD string to IPADDR.  I think this frees up the
        note field for SysOp use.
      dbbfabf1
  7. Nov 20, 2014
  8. May 10, 2006
    • Added FTP server option: Lookup Passive IP · dcd3ad43
      rswindell authored
      (enabled by adding LOOKUP_PASV_IP to the "Options" value in the [ftp] section
      of your ctrl/sbbs.ini).
      This option tells the FTP server to perform a hostname lookup (on the BBS's
      hostname) to determine the correct/current public IP address to use in
      PASV responses. This is one more kludge to work around stupid NAT devices
      (consumer firewalls/routers).
      dcd3ad43
  9. May 07, 2005
  10. Apr 26, 2005
  11. Feb 18, 2005
  12. Apr 17, 2002
  13. Jul 21, 2001
  14. Jul 11, 2001
  15. Nov 02, 2000
  16. Oct 12, 2000
  17. Oct 10, 2000
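
The PORT check described in the Feb 15, 2021 commit message above, sketched as an added C example; it is not Synchronet's code. The function name, verdict enum and sample addresses are hypothetical, only the IPv4 PORT form is handled (not EPRT/LPRT), and the control peer address is assumed to be a canonical dotted quad.

```c
#include <stdio.h>
#include <string.h>

enum port_verdict { PORT_OK, PORT_MALFORMED, PORT_RESERVED, PORT_BOUNCE };

/* Hypothetical helper, not Synchronet's code: vet a PORT argument
 * ("h1,h2,h3,h4,p1,p2", CRLF already stripped) against the dotted-quad
 * address of the control connection's peer. */
enum port_verdict check_port_arg(const char *arg, const char *ctrl_ip,
                                 int allow_bounce, int is_guest)
{
    unsigned h[4], p[2];
    char tail, ip[48];

    /* Exactly six decimal fields; the trailing %c catches extra input. */
    if (sscanf(arg, "%3u,%3u,%3u,%3u,%3u,%3u%c",
               &h[0], &h[1], &h[2], &h[3], &p[0], &p[1], &tail) != 6)
        return PORT_MALFORMED;
    for (int i = 0; i < 4; i++)
        if (h[i] > 255)
            return PORT_MALFORMED;
    if (p[0] > 255 || p[1] > 255)
        return PORT_MALFORMED;

    /* Reserved ports (< 1024) are refused; doing so even when bounce is
     * allowed is an assumption of this sketch. */
    if (p[0] * 256 + p[1] < 1024)
        return PORT_RESERVED;

    /* A data address other than the control peer is a bounce: permit it
     * only with the sysop option set and a non-guest user. */
    snprintf(ip, sizeof ip, "%u.%u.%u.%u", h[0], h[1], h[2], h[3]);
    if (strcmp(ip, ctrl_ip) != 0 && !(allow_bounce && !is_guest))
        return PORT_BOUNCE;
    return PORT_OK;
}

int main(void)
{
    /* Constructed sample arguments; control peer is 192.0.2.10. */
    const char *samples[] = { "192,0,2,10,19,137", "192,0,2,10,0,25",
                              "198,51,100,7,31,144", "192,0,2,10,19" };
    for (int i = 0; i < 4; i++)
        printf("%-22s -> %d\n", samples[i],
               check_port_arg(samples[i], "192.0.2.10", 0, 0));
    return 0;
}
```

A server using a check like this would log the PORT_RESERVED and PORT_BOUNCE verdicts as suspected hack attempts, as the commit message describes.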