Go Back   FlashFXP Forums > > > >

Bug Reports If you discover any bugs that we are not aware of, please post it here so it may be corrected.

Reply
 
Thread Tools Rate Thread Display Modes
Old 01-05-2006, 12:59 AM   #1
SBC
Junior Member
 
Join Date: Jan 2006
Posts: 6
Default IP addresses logged in xferlog?

Strange line i ve found in xferlog today... when i start upload to my ftp from antoher one (site to site) thru flashfxp.. i can see the other computers IP on the xferlog, thats it security risk isnt it? who wants its ftp ip to be on other peoples xferlogs :S
SBC is offline   Reply With Quote
Old 01-05-2006, 01:03 AM   #2
neoxed
Too much time...
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: May 2003
Posts: 1,326
Default

Why would that be a bug? That information is part of the xferlog log format (just google "xferlog").

To disable the xferlog completely, give it the read-only attribute.

Quote:
attrib +R C:\ioFTPD\logs\xferlog
neoxed is offline   Reply With Quote
Old 01-05-2006, 08:34 AM   #3
SBC
Junior Member
 
Join Date: Jan 2006
Posts: 6
Default

Quote:
Originally Posted by neoxed
Why would that be a bug? That information is part of the xferlog log format (just google "xferlog").

To disable the xferlog completely, give it the read-only attribute.

Well as i said if someone is doing site to site from my ftp to another computer with ioftpd... my ip will be on that computer wich i dont like... why would it even involve its ip when you are not the one uploading??.

i know i can disable it on somehow but its my security iam concern about... as now i can do a shit maybe disable site to site upload... and once again why why why would it show my ip on someone elses log...



Thx for replying....and yeah my english is rusty
SBC is offline   Reply With Quote
Old 01-05-2006, 10:20 AM   #4
Harm
Too much time...
Ultimate Scripter
 
Join Date: Jul 2003
Posts: 1,430
Default

Because the ip address you've found in the xferlog is the one associated with the data connection. When you transfer files between two ftp servers (fxp), the data connection is established between the two servers; you're only involved for the control connection.
Harm is offline   Reply With Quote
Old 01-10-2006, 08:56 PM   #5
SBC
Junior Member
 
Join Date: Jan 2006
Posts: 6
Default

Quote:
Originally Posted by Harm
Because the ip address you've found in the xferlog is the one associated with the data connection. When you transfer files between two ftp servers (fxp), the data connection is established between the two servers; you're only involved for the control connection.


Yeah but still, i havent seen any FTP do this, even raidenftpd loggs the ip of the person who uploads it...
SBC is offline   Reply With Quote
Old 01-19-2006, 04:02 AM   #6
oslike
Member
 
Join Date: Dec 2003
Posts: 90
Default

SBC,

i dont underestand why you consider seeing the FXP-IP in your log a security issue. This gives you the possibility to control where your fxp uploads come from.

Why would you bother if others see your ip on FXP from you? Do you have anything to hide?
oslike is offline   Reply With Quote
Old 03-07-2006, 01:55 PM   #7
SBC
Junior Member
 
Join Date: Jan 2006
Posts: 6
Default

Quote:
Originally Posted by oslike
SBC,

i dont underestand why you consider seeing the FXP-IP in your log a security issue. This gives you the possibility to control where your fxp uploads come from.

Why would you bother if others see your ip on FXP from you? Do you have anything to hide?



Its not problem for me to se were the files comes from the problem is, when a user do site to site from my site too another site, then that other site have my ip... and yes i see that as security issue since i dont want my ip to be on antoher sites, offcourse i can disable the site to site thing but ill rather change ftp server software than disabling site to site.

Maybe there is a way to disable creation of xferlog or maybe so it wont write ip only user name??
SBC is offline   Reply With Quote
Old 03-07-2006, 04:55 PM   #8
oslike
Member
 
Join Date: Dec 2003
Posts: 90
Default

yes change the ftp server software

they all do it the same way ...
oslike is offline   Reply With Quote
Old 03-07-2006, 05:13 PM   #9
Harm
Too much time...
Ultimate Scripter
 
Join Date: Jul 2003
Posts: 1,430
Default

Or make the xferlog file readonly. That will disable it for your server.
I'm afraid you can't do that for the other servers. You will have to trust your users (but that's another story).
Harm is offline   Reply With Quote
Reply

Tags
flashfxp, ftp, site, upload, xferlog

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 11:10 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)