1. 15 Feb, 2021 1 commit
      Disable FTP Bounce (FXP) support by default · ebece39d
      Rob Swindell authored
      The Synchronet FTP server has (since 2001) disallowed PORT/EPRT/LPRT commands with a "reserved" port number (i.e. < 1024) as recommended by RFC2577 and when attempted, would log a "SUSPECTED FTP BOUNCE HACK ATTEMPT" in the data/hack.log file.
      However, as Karloch (HISPAMSX) pointed out recently, an FTP Bounce Attack to other TCP ports was still possible (and detected/reported by some security scans as a potential vulnerability).
      So, reject all PORT/EPRT/LPRT commands that specify an IP address other than that used for the control TCP connection unless the sysop specifically enables the new "ALLOW_BOUNCE" option flag (in the [ftp] section of sbbs.ini) and the user is an authenticated non-guest/anonymous user. And as before, log the attempt as a suspected hack attempt.
      This change also removes the "Directory File Access" checkbox from the Synchronet Control Panel for Windows as that feature is "going away" soon (or at least, it won't be an FTP-specific option/feature if it remains).
  2. 30 Dec, 2020 1 commit
  3. 22 Dec, 2020 1 commit
      Remove dynamic HTML index support from FTP server · 0d01544d
      Rob Swindell authored
      The days of browsers rendering HTML served-up via FTP are over, so remove this feature. This also removes all JavaScript support from the FTP server and that is a bit odd as it was one of the first Synchronet components for which I added JS support.
      Removing this feature was pretty painless; much easier than adding it was. The main motivation was less cruft to port to the file base in the works. There should be no more references to 00index.html anywhere at this point. Bye bye cool feature, we'll miss you.
  4. 16 Aug, 2020 1 commit
  5. 24 Jul, 2018 1 commit
      The great Copyright year update and (mostly) removal of 2018: · f869ad3d
      rswindell authored
      Most of the copyright years in the source code were misleading (the date of
      most recent publish was actually later) and all were unnecessary. I've been
      removing copyright years piecemeal, for a long time, but I decided it was time
      to just perform a bulk search and (mostly) replace. In some cases, I left
      old copyright years on files that either are not used (and soon to be removed)
      or obsolete and unlikely to ever be touched again (e.g. Win9x FOSSIL VXD). Some
      of the runtime binaries still contain copyright years and those were updated to
  6. 27 May, 2016 1 commit
      Server listening interfaces can now be configured again using the various · 25ccb605
      rswindell authored
      - "Configure" menus (not working since the IPv6 commit) - both IPv4 and IPv6
         addresses may be specified (comma-separated), or multiple IPv4 addresses!
      - Added new "Temp Ban" settings to Properties->Security tab.
      - Added context (tab) sensitive "Help" button to Properties page
        (links to section on relevant wiki page).
      - Every log window has a new right-click pop-up menu with 2 options:
        1. Copy Selected
        2. Copy All
        Hopefully it's obvious what these menu options do. :-)
  7. 10 May, 2006 1 commit
      Added FTP server option: Lookup Passive IP · dcd3ad43
      rswindell authored
      (enabled by adding LOOKUP_PASV_IP to the "Options" value in the [ftp] section
      of your ctrl/sbbs.ini).
      This option tells the FTP server to perform a hostname lookup (on the BBS's
      hostname) to determine the correct/current public IP address to use in
      PASV responses. This is one more kludge to work around stupid NAT devices
      (consumer firewalls/routers).
  8. 07 May, 2005 1 commit
  9. 21 Jul, 2001 1 commit
  10. 11 Jul, 2001 1 commit
  11. 12 Oct, 2000 1 commit
  12. 10 Oct, 2000 1 commit
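
The address check described in the 15 Feb, 2021 commit message above, sketched in C as an added example; it is not Synchronet's code. The function names, verdict values and the order of the checks are assumptions for illustration, only the IPv4 PORT form is covered (not EPRT/LPRT), and the addresses are constructed samples.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical verdict names for this example (not Synchronet identifiers). */
enum port_verdict { PORT_OK, PORT_BAD_SYNTAX, PORT_RESERVED, PORT_BOUNCE };

/* Parse an RFC 959 PORT argument "h1,h2,h3,h4,p1,p2" (CRLF already stripped). */
static bool parse_port_arg(const char *arg, uint32_t *ip, uint16_t *port)
{
    unsigned long v[6];
    for (int i = 0; i < 6; i++) {
        char *end;
        if (!isdigit((unsigned char)*arg))  /* no sign, space or empty field */
            return false;
        v[i] = strtoul(arg, &end, 10);
        if (v[i] > 255 || *end != (i < 5 ? ',' : '\0'))
            return false;
        arg = end + (i < 5);                /* step over the comma */
    }
    *ip = (uint32_t)(v[0] << 24 | v[1] << 16 | v[2] << 8 | v[3]);
    *port = (uint16_t)(v[4] << 8 | v[5]);
    return true;
}

/* ctrl_peer_ip: IPv4 peer address of the control connection, host byte order.
 * Assumption: the reserved-port rule applies regardless of allow_bounce. */
enum port_verdict check_port_cmd(const char *arg, uint32_t ctrl_peer_ip,
                                 bool allow_bounce, bool is_guest)
{
    uint32_t ip;
    uint16_t port;
    if (!parse_port_arg(arg, &ip, &port))
        return PORT_BAD_SYNTAX;
    if (port < 1024)
        return PORT_RESERVED;               /* the pre-2021 check (RFC 2577) */
    if (ip != ctrl_peer_ip && !(allow_bounce && !is_guest))
        return PORT_BOUNCE;                 /* data target is not the control peer */
    return PORT_OK;
}

int main(void)
{
    const uint32_t client = 0xC6336407;     /* 198.51.100.7, constructed sample */
    printf("%d\n", check_port_cmd("198,51,100,7,19,137", client, false, false));
    printf("%d\n", check_port_cmd("192,0,2,10,19,137", client, false, false));
}
```

A server applying this check would log the `PORT_RESERVED` and `PORT_BOUNCE` verdicts as suspected hack attempts, as the commit message describes.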