<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Verdana","sans-serif";
color:#1F497D;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> blueonyx-bounces@blueonyx.it [mailto:blueonyx-bounces@blueonyx.it] <b>On Behalf Of </b>Chuck Tetlow<br><b>Sent:</b> Monday, November 08, 2010 7:28 PM<br><b>To:</b> BlueOnyx General Mailing List<br><b>Subject:</b> [BlueOnyx:05728] Re: http://bugs.proftpd.org/show_bug.cgi?id=3521<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:10.0pt'>I can see two major problems with the idea. <br><br>1) We have TCP Port 22 access into our internal networks locked down at the main router. Only the company administrators can SSH into our networks. But if you want to replace FTP with SSH/SFTP - we'd have to remove that. Then we'd either have to put in a ALLOW for each individual file transfer user or leave our servers open to hacking attempts from all around the world again (that's why we implemented the controls in the first place). <br><br>2) I've tested SSH/SFTP with the CoreFTP client into our BX servers in the past. Unlike FTP - there are no controls once authenticated into the server. With FTP - the user can only navigate their own directory, or their own site if they are a administrator. But with SSH/SFTP - the user was able to browse the entire file system, including system files and files on other virtual websites. NOT very secure, and not something that could be allowed. And that's the second reason for the TCP Port 22 access controls to our servers. <br><br>Unless that second problem could be resolved - there is NO way to allow SSH/SFTP access to our BX servers. <br><br>And even if you fix that second problem - it leaves me having to put in ALLOW IP access rules for each site's users who want to move files up/down. <br><br>NO THANK YOU! We'll stick with FTP. <br><br><br><br>Chuck <br><br><br><br><br><b>---------- Original Message -----------</b> <br>From: Jeff Jones <jeffrhysjones@mac.com> <br>To: BlueOnyx General Mailing List <blueonyx@blueonyx.it> <br>Sent: Mon, 08 Nov 2010 22:53:42 +0000 <br>Subject: [BlueOnyx:05727] Re: <a href="http://bugs.proftpd.org/show_bug.cgi?id=3521" target="_blank">http://bugs.proftpd.org/show_bug.cgi?id=3521</a> <br><br>> This is a teeny bit off topic, but how about BX using proftp with mod_sftp? <br>> <br>> Using this would mean you get full secure file transfer, plus, unlike using OpenSSL for ssh / sftp, you don't have to worry about giving shell access, jails etc. <br>> <br>> Some clear instructions here: <br>> <br>> <a href="http://www.directadmin.com/forum/showthread.php?t=30607" target="_blank">http://www.directadmin.com/forum/showthread.php?t=30607</a> <br>> <br>> Any see any reason why this method would not work with BX? How tricky would this be to build in? <br>> <br>> Jeff <br>> <br>> Sent from my iPhone <br>> <br>> On 8 Nov 2010, at 22:27, Michael Stauber <mstauber@blueonyx.it> wrote: <br>> <br>> > Hi Jerry, <br>> > <br>> >> <a href="http://bugs.proftpd.org/show_bug.cgi?id=3521" target="_blank">http://bugs.proftpd.org/show_bug.cgi?id=3521</a> <br>> >> <br>> >> 1.3.3c released <br>> >> [29/Oct/2010] <br>> >> The ProFTPD Project team has released 1.3.3c to the community. This is an <br>> >> important security release, containing fixes for a Telnet IAC handling <br>> >> vulnerability and a directory traversal vulnerability in the mod_site_misc <br>> >> module. The RELEASE_NOTES and NEWS files contain the full details. <br>> > <br>> > We weren't affected by the mod_site_misc vulnerability, as our ProFTPd didn't <br>> > contain that module. But yeah, the Telnet IAC handling issue was an item. <br>> > <br>> > An updated ProFTPd is just hitting the mirrors. <br>> > <br>> > -- <br>> > With best regards <br>> > <br>> > Michael Stauber <br>> > _______________________________________________ <br>> > Blueonyx mailing list <br>> > Blueonyx@blueonyx.it <br>> > <a href="http://www.blueonyx.it/mailman/listinfo/blueonyx" target="_blank">http://www.blueonyx.it/mailman/listinfo/blueonyx</a> <br>> _______________________________________________ <br>> Blueonyx mailing list <br>> Blueonyx@blueonyx.it <br>> <a href="http://www.blueonyx.it/mailman/listinfo/blueonyx" target="_blank">http://www.blueonyx.it/mailman/listinfo/blueonyx</a> <br><b>------- End of Original Message -------</b> </span><o:p></o:p></p></div></div></body></html>