How do I install FTP on IIS 7.5

Question: How do I install FTP on IIS 7.5 in Windows?

Answer: IIS (Internet Information Service) is a set of Microsoft’s Internet-based services. As a web server, it is second only to Apache HTTP Server, serving 29% of all websites. In addition to HTTP services, it also includes FTP. On Windows Server 2008, installing FTP is pretty painless. Just follow these easy steps:

1. Click Start on the taskbar and select Administrative Tools -> Server Manager
2. In the Server Manager window, click Roles to expand it and then select Web Server (IIS).
3. Now in the Web Server (IIS) pane, go to Role Services and click Add Role Services.
4. Now expand FTP Server in the Select Role Services page.
5. Choose FTP Service and click Next.
6. Finally, click Install and Close.

It is that simple. Now, you should have an FTP service running and ready to start receiving clients. In a future post, we will learn how to configure an FTP server.

Source: Learn IIS

The benefits of SFTP

FTP is the primary method used by website owners to upload content to their servers or distribute large amounts of data. FTP is easy to use and generally efficient at doing its job, but no one would claim that it is completely secure. Generally speaking, files you upload to your website are public anyway, so you might not care if someone intercepts an FTP session’s contents.

When dealing with private information, however, it is a good idea to use a secure transfer method. It is also a better practice in general to use something secure so that your transactions and possibly client and user transactions are not available for the world to see. SFTP is a method of transferring data over an SSH channel.

There are SFTP clients available, and many FTP clients also support SFTP. They may even refer to it as SSH, since SFTP stands for SSH File Transfer Protocol. SFTP does require the user to have an SSH account, and some web hosting providers do not allow them, but if yours does, it is an excellent alternative to FTP.

Photo: Wikimedia

How to delete multiple files in various directories in Linux

Question: When uploading files to my Linux server from my windows computer, I have accumulated WS_FTP.log files and thumbs.db files in multiple directories. Is there an easy way to delete all of them at once without navigating through each directory?

Answer: With Linux, of course there is. You can accomplish this with the “find” command, and you can apply the same technique to any files you need to remove on a mass scale. To remove thumbs.db files, enter the following from a SSH command line:

find /home/user -name Thumbs.db -ok rm {} \;

And if you do not want to be prompted for each deletion, add the “-f” flag:

find /home/user -name Thumbs.db -ok rm -f {} \;

To find any other file, just replace the “Thumbs.db” with the appropriate filename.

find /home/user -name WS_FTP.LOG -ok rm -f {} \;

Source: webhostingtalk.com
Flickr: Flickr

How to create FTP account with cPanel

Most cPanel installations will allow you to create multiple FTP accounts even if you have a shared web hosting account. And if you have a virtual private server or dedicated server, you certainly will have this option as well. Just follow these simple steps:

1. Login to cPanel
2. Scroll down tot he “Files” section
3. Click “FTP Accounts”
4. Enter the login name and password
5. Enter the base directory for the user
6. Set a disk space quota (the default is unlimited)

On a shared hosting account, even if you have multiple domains, all FTP accounts will still use your default domain. That means that different domains cannot have duplicate FTP login names. Finally, click “Create FTP Account”, and you are finished.

How to disable hidden files in ProFTPD

Question: How do I disable the viewing of hidden files in ProFTPD so that my clients can’t see them?

Answer: It is fairly easy to conceal hidden files in ProFTPD, but before you do, you should be aware of the consequences. Users will not be able to see their own .htaccess and .htpasswd files, which may be necessary if they install content management systems or want to enable any number of other Apache features.

If you insist on proceeding despite the consequences, open your /etc/proftpd.conf file and edit the following line:

IgnoreHidden on

With this feature turned on, ProFTPD will ignore any hidden files completely. Most will find the price of hiding .htaccess from users too great, and there truthfully is no harm in having users see their hidden files, provided you have properly chrooted their accounts. Furthermore, if the hidden files bother users, they can disable viewing them in their FTP clients.

Source: webhostingtalk.com

Vsftpd an alternative FTP server

Vsftpd stands for “Very Secure FTP Daemon”, and is a an ftp server for Linux and other UNIX-like operating system. As the name implies, it claims to be more secure than the typical FTP server and boasts a number of useful features, including:

Virtual IP configurations
Virtual users
Standalone or inetd operation
Powerful per-user configurability
Bandwidth throttling
Per-source-IP configurability
Per-source-IP limits
IPv6
Encryption support through SSL integration

In addition to security, a number of major free software and computer corporations rely on vsftpd for its stability under stress, transferring large amounts of data. Vsftpd is free software, released under the GNU General Public License. You can download it for free from their website or install it through your Linux distribution repository.

Source: vsftpd
Photo: Flickr

Safe anonymous FTP

Question: Is it safe to setup anonymous FTP services for my website visitors?

Answer: Anonymous FTP can be a useful feature when used correctly. If you are moving a lot of files, especially if you have some type of software or game repository, anonymous FTP may be a practical and easy solution.

Anytime you give users one more way to access your server, however, you open up new possibilities for security breaches. Your web server, most likely uses port 80 for HTTP and port 443 for HTTPS. By providing anonymous FTP access, you are adding port 21 into the mix. Here are a few things you can do to make sure it is secure:

1. Check to make sure the SITE EXEC command is disabled
2. Make sure you have chrooted your users so that they cannot access other directories.
3. Make sure that the files are not writable by the users. If you need users to upload files, only their own chrooted directory should be writable.
4. Make sure no files or directories are owned by “ftp” or whatever user your FTP server runs as.

Be vigilant and plan carefully, and you should be able to have a safe and secure anonymous FTP server.

How to install and configure ProFTPD in RHEL/CentOS/Fedora Linux

ProFTPD is one of the most widely used and trust Linux-based FTP servers. When installed on a dedicated server, ProFTPD can act as a virtual ftp server host to multiple user accounts. It also allows anonymous FTP, if needed, chroot jail support, SSL/TLS encryption, and much more.

nixCraft has an excellent tutorial for installation and configuration of ProFTPD in CentOS, Redhat Enterprise Linux, and Fedora.

To install ProfFTPD, type the following as root:

# yum install proftpd

To make ProFTPD start whenever the system boots, enter:

# chkconfig --level 3 proftpd on

To start it immediately, type:

# service proftpd start

Read the rest of the nixCraft article.

How to troubleshoot an Internal Server Error

Question: My CGI script is giving me a 500 Internal Server Error. What should I do?

Answer: It is one of the most dreaded errors Apache can throw at you: the 500 Internal Server Error. When you get it, you often have no idea what caused it or why. Here are a few things you can do to troubleshoot it.

1. Check the location. Make sure you have uploaded the scripts in the right place.

2. Check the upload method. Your FTP program should upload Perl scrips in ASCII not in binary mode.

3. Make sure the file permissions are set to 755 to make the script executable.

4. Often times modifications to the script, if required to configure, can cause an error. You might have slipped in an unsupported character or made a typo.

If it still does not work, try running the script from the command line and see if it spits out an error. If you still cannot figure it out, you might want to talk to the developer. The script just might be incompatible with your server. Most importantly, don’t give up.

Photo: Flickr

FXP: The Good, The Bad, and The Ugly

FXP stands for File eXchange Protocol, and is a method of data transfer that allows a user to transfer files from one server to another, without going through the user’s computer or network.

The Good: In essence it is the closest thing to server-to-server transfer without direct access and the ability to initiate a connection directly from a server.

The Bad: Many servers do not support FXP or have it disabled. Furthermore, normal FTP clients often are not designed for it, but there are a few FXP specific clients.

The Ugly: The reason many web hosting provider system administrators disable it is that it can pose a security risk that most admins are not willing to take. It can expose a server to a vulnerability known as FTP bounce, where an attacker gains access to a server through a port opened by an innocent user, utilizing their machine as a conduit.

As a result, it seems as though most web hosts consider the bad to outweigh the good, and FXP is rarely used. Aside from transferring a site from one server to another, there are few reasons for someone with a shared hosting account to need it at all.

Photo Source: Flickr