28 posts in this topic

Hi

I needed an FTP account for my book uploads, An old friend of mine who owns a website created an FTP account for me in his server that he had purchased.

He gave me the credentials to his main account as well to setup the limits and configure the clients. I can login to his server using http://cpanel.domainname.com and see my FTP user account under FTP accounts.

I logged in to my FTP user through filezilla client using the credentials for my FTP account

hostname : ftp.domainname.com

Username: username@domainname.com

Pass: my FTP account password

port - 21

I uploaded the files successfully and can see them on the sever when I login to his cpanel and check my FTP account file manager.

PROBLEM: When i try loggin in from any browser as

ftp://username@domainname.com, the URL in the browser redirect to ftp://domainname.com and the popup box asks for username and password for his server and not my FTP account that he created.

WEIRD: To check this i tried logging in over a web based FTP client, net2ftp.com and to my surprise i was able to login using the same credentials that i have for my FTP account.

Is there a setting that i need to enable on server side (cpanel.domainanme.com) or is this something related to browser/client side?

I checked the directory in the server and my FTP account is listed as /home/domainaname/username. (can this be an issues, any access level settings for this path may be)? Also this the path where all his other FTP accounts for other customers are listed. and to my knowledge they are able to login.

Thanks

Koshur

Share this post


Link to post
Share on other sites

You just enter your username and password in the pop-up window. Voila, access to the ftp server.

Better solution: Use one of the many ftp clients, like FileZilla.

Share this post


Link to post
Share on other sites

Why would you even try "ftp://username@domainname.com" ? It needs to be accessed by ftp://domain.com and when the popup comes on just enter your login details your friend gave you.

Paths have nothing to do with this. He has just restricted your user to your own path not to the root of the server, he must of have given you a username and password that you can enter into cpanel? I guess they will be the same for the FTP account or maybe different, depends on the admin.

Share this post


Link to post
Share on other sites

You just enter your username and password in the pop-up window. Voila, access to the ftp server.

Better solution: Use one of the many ftp clients, like FileZilla.

When i enter the username and password for my FTP account, it says Error 530, login authentication failed. May be coz the popup says "Enter username and password for ftp://domainname.com" instead of "ftp://username@domainname.com"....?'>ftp://username@domainname.com"....?

I can use filezilla from a place i have install rights but what if I want to access it from a remote PC that has just a browser and no admin rights to installation. Also i have some non techy folks that I want to give my FTP server, they would be more comfortable opening up a browser than installing a freeware and configure it.

Why would you even try "ftp://username@domainname.com" ? It needs to be accessed by ftp://domain.com and when the popup comes on just enter your login details your friend gave you.

Paths have nothing to do with this. He has just restricted your user to your own path not to the root of the server, he must of have given you a username and password that you can enter into cpanel? I guess they will be the same for the FTP account or maybe different, depends on the admin.

Ok. so heres what is happenig:

If i enter the username and passwd for my FTP it throws auth failed error. but if i punch in the credentials of the server (the one my friends uses to access his main account) then i can get to his ftp.domainname.com.

from where i am able to locate my stuff at Index of /public_html/username/

What i want is to directly drop to my username folder, so that people can see only the contents in this folder and download the stuff bypassing all other info on main server.

The username and password for admin sever is different from my FTP account.

Edited by Koshur

Share this post


Link to post
Share on other sites

Just navigate to ftp://domainname.com and enter your username and pass, that should work. The FTP assigns the correct folder, not you :p

You could also try ftp://username:password@domainname.com

What i want is to directly drop to my username folder, so that people can see only the contents in this folder and download the stuff bypassing all other info on main server.

Anonymous access might be disabled.

1 person likes this

Share this post


Link to post
Share on other sites

When i enter the username and password for my FTP account, it says Error 530, login authentication failed. May be coz the popup says "Enter username and password for ftp://domainname.com" instead of "ftp://username@domainname.com"....?

I can use filezilla from a place i have install rights but what if I want to access it from a remote PC that has just a browser and no admin rights to installation. Also i have some non techy folks that I want to give my FTP server, they would be more comfortable opening up a browser than installing a freeware and configure it.

Ok. so heres what is happenig:

If i enter the username and passwd for my FTP it throws auth failed error. but if i punch in the credentials of the server (the one my friends uses to access his main account) then i can get to his ftp.domainname.com.

from where i am able to locate my stuff at Index of /public_html/username/

What i want is to directly drop to my username folder, so that people can see only the contents in this folder and download the stuff bypassing all other info on main server.

The username and password for admin sever is different from my FTP account.

That is something the FTP owner needs to setup, from what I can understand he hasn't even setup a separate login for you that is only assigned to your ftp path.

As soon as he does that it's exactly what will happen, as soon as you enter your logins it'll just take you to your folder not to the root.

This is Directadmin but if I remember correctly cPanel should have something similar

ftpehni.jpg

He needs to custom assign a path to a user to be redirected to your folder.

1 person likes this

Share this post


Link to post
Share on other sites

"PROBLEM: When i try loggin in from any browser"

Why would anyone be using a "browser" to log into a ftp server? Download a file via anonymous access, sure - but actually auth and use, why are we talking about this.. You already have your solution

"I logged in to my FTP user through filezilla client using the credentials for my FTP account"

If your not a fan of filezilla, then pick any of the other hundreds of ftp clients to use.. To be honest ftp is not really a secure method to access your site, I would suggest using SFTP.. You do understand that ftp sends the username and password in clear text.. Unless your using FTPS, sometimes known as FTP-SSL, which your "browser" is for sure not going to understand.

Your trying to use a screwdriver when you should be using a wrench.. Use the correct tool for the job.. A browser is great for rendering your HTTP site, not so much trying to use a ftp site. Use a ftp client!

1 person likes this

Share this post


Link to post
Share on other sites

Just navigate to ftp://domainname.com and enter your username and pass, that should work. The FTP assigns the correct folder, not you :p

You could also try ftp://username:password@domainname.com

Anonymous access might be disabled.

tried ftp://username:password@domainname.com but comes up with same login error.

That is something the FTP owner needs to setup, from what I can understand he hasn't even setup a separate login for you that is only assigned to your ftp path.

As soon as he does that it's exactly what will happen, as soon as you enter your logins it'll just take you to your folder not to the root.

This is Directadmin but if I remember correctly cPanel should have something similar

ftpehni.jpg

He needs to custom assign a path to a user to be redirected to your folder.

I have the admin access to the FTP server as well. but the cpanel does not seem to show these options as above. Check screenshots:

post-431588-0-48516400-1369575210.png post-431588-0-31821300-1369576870.png

"PROBLEM: When i try loggin in from any browser"

Why would anyone be using a "browser" to log into a ftp server? Download a file via anonymous access, sure - but actually auth and use, why are we talking about this.. You already have your solution

"I logged in to my FTP user through filezilla client using the credentials for my FTP account"

If your not a fan of filezilla, then pick any of the other hundreds of ftp clients to use.. To be honest ftp is not really a secure method to access your site, I would suggest using SFTP.. You do understand that ftp sends the username and password in clear text.. Unless your using FTPS, sometimes known as FTP-SSL, which your "browser" is for sure not going to understand.

Your trying to use a screwdriver when you should be using a wrench.. Use the correct tool for the job.. A browser is great for rendering your HTTP site, not so much trying to use a ftp site. Use a ftp client!

I know about the vulnerability and perhaps was expecting this point. but this would just be a one time thing (project requirement) i would need for now. I personally love filezilla, thats how i uploaded all the content there. Like i said imagine a PC with just a browser and no admin access to install stuff. Now I have a dropbox account with an additional purchased storage upto 50GB, but Google won't allow dropbox as a bulk upload option (and i am not going to upload around 3GB of content to their gDrive) for sending books to their Google books partner program and mailing the files on a CD!.. i dont believe they still havn't updated their HC. So they have given an option go FTP and provide following:

Hostname:

Username:

Password:

Port:

Directory path:

Hope this answers lot y's..

Thanks

Share this post


Link to post
Share on other sites

"Like i said imagine a PC with just a browser and no admin access to install stuff."

Ok - then use the built in cmd line ftp client

post-14624-0-25805000-1369578682.jpg

And you don't need admin rights to install filezilla, even if you can not run the installer - you could just use the zip version. Or a portable version on a usb, etc.

You DON"T use a BROWSER for FTP! Other than maybe clicking a link to download a file from a anonymous ftp site.

Share this post


Link to post
Share on other sites

Just changed the password for my FTP and tried logging in through FTP. and this is where i start to scratch my head. I get a login failed, while if i use the same new password that i just updated and try logging in through net2ftp i am able to login. :/ same thing that was happening with the browser. it gave me the same Login auth failed.!!!

post-431588-0-64988900-1369580716.png

post-431588-0-72790600-1369580721.png

Share this post


Link to post
Share on other sites

so your user account is googlebooks, not googlebooks@something ?

If you send me creds and login info, etc. be more than happy to test for you. If your user account is just googlebooks, then I would assume typo on the password ;)

you stated before

Username: username@domainname.com

you also stated before

hostname : ftp.domainname.com

You do understand that is possible, that ftp.domainname.com is different than domainname.com - I am not 100% sure on what your doing wrong. but billy is not same as billy@somthing.tld nor is ftp.domain.tld have to be the same host as domain.tld

I do believe pure-ftpd allows for virtual hosting, etc. So even domain.tld and ftp.domain.tld point to the same IP, its possible they are actually different instances and use different user accounts, etc. if this is some shard host, then its quite logical that virtual ftp hosts are being used and you should really spellout your full username and host name given to you for access in the client your using to access it with.

edit: btw, your browser issue might related to fact your on block lists.. Atleast firefox ;)

post-14624-0-82110900-1369582983.jpg

That site is listed on 5 different lists as bad

https://www.virustot...sis/1369583065/

Antiy-AVL Malware site

BitDefender Malware site

Fortinet Malware site

Google Safebrowsing Malware site

Sophos Malicious site

http://safebrowsing....=kashmir360.com

post-14624-0-72206200-1369583462.jpg

Share this post


Link to post
Share on other sites

Whoa! Budman is better than Colombo :p

Share this post


Link to post
Share on other sites

heheh - just like to get to the root of the problem ;) Part of the reason the site might have been compromised is that its users use ftp to access it ;) where the username and password are sent in the clear. If they access such a site from an open network, say public wifi or something its quite possible someone snagged the info need to access and replace code on the site.

It its quite possible its just running crap that is open to exploit?

via: HTTP/1.1 GWA

x-powered-by: PHP/5.2.17

x-google-cache-control: remote-fetch

server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

connection: close

date: Sun, 26 May 2013 15:44:29 GMT

content-type: text/html

Both of the jump out at me as something that might be an issue.. Who and the F uses frontpage? ;)

BTW.. I show neowin using

Apache/2.2.14

That is quite old, and should be updated for security reasons..

2.2.14: Released October 3, 2009

Share this post


Link to post
Share on other sites

Hey Budman..

I have no idea what is causing the Malware warning. I'll be sending in you the credentials to get to the root of this thing, even though i don't manage this, but i am sure there must be some info i can pass along to my friend to remove suspicious content. Check ur inbox for the credentials.

Share this post


Link to post
Share on other sites

Well it hosting malware would be the reason for the listing ;)

look at the crap its sending if you connect to it via port 80

budman@ubuntu:/tmp$ wget kashmir360.com

--2013-05-28 10:11:52-- http://kashmir360.com/

Resolving kashmir360.com (kashmir360.com)... 199.16.154.2

Connecting to kashmir360.com (kashmir360.com)|199.16.154.2|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: unspecified [text/html]

Saving to: index.html

budman@ubuntu:/tmp$ cat index.html
<div id='mollynes'>Viagra and cialis are medications especially for men that suffer from impotency and are unable to satisfy his partner. <a href="http://www.viagraonlinefly.com">viagra online</a> and <a href="http://www.cialisonlinelow.com">cialis online</a> shops sell reputed genuine medicines to treatment impotency. Players enjoying in <a href="http://www.casinoonlinebit.com">casino online</a> need to register with a token quantity and then can bag the whole desk quantity, profitable it. </div><script type='text/javascript'>if(document.getElementById('mollynes') != null){document.getElementById('mollynes').style.visibility = 'hidden'; document.getElementById('mollynes').style.width = '0px'; document.getElementById('mollynes').style.height = '0px';}</script>

Is that what is suppose to be served??

Share this post


Link to post
Share on other sites

wow...looks like its filled with crap...my friend used this during his college and hasn't been doing any cleaning up....i'll ask him to get this cleaned...

Share this post


Link to post
Share on other sites

for starters looks like it too busy sending out crap would be my guess to maintain even a stable ftp connection. So I can get logged in with the first account you sent.. but not really able to do anything, sometimes I can get a directory listing, sometimes not..

took minutes to come back with a simple cd www

ftp> cd www

250 OK. Current directory is /www

now currently waiting for a simple ls of that dir

ftp> ls

200 PORT command successful

I tried to ssh, but not able to auth with that account. Do you have shell access? Can he give it too you, then I could take a look to what is going on. But currently its not very responsive for starters - again guessing its too busy serving up crap..

I have multiple servers I could give you access.. A vps in CA, a seedbox with shell access in UK, and unlimited shell and web server shared account as well.. I have given friends their own accounts to play with shell, websites, etc.

the ls just came back.. Dude that was a good couple of minutes..

so I see a googlebooks dir

drwxr-xr-x 5 snipped snipped 4096 May 22 04:35 googlebooks

I snipped out the username there for privacy.. looks like site was or is trying to run wordpress - lots of know exploits with that.. see some other sites.. But odd looking AWFQf.html in this dir.. going to see if can grab it to take a look inside

GAWD it is like watching paint dry trying to do anything.. Still waiting for it to send me the file

ftp> get aWFQf.html

local: aWFQf.html remote: aWFQf.html

200 PORT command successful

edit: This box has clearly been compromised.. finally got that file down

budman@ubuntu:/tmp$ cat aWFQf.html
<html>
<head>
<meta http-equiv="refresh" content="2; url=http://tommeruphallerne.dk/				   ticket3Nt/bar/index.html">
</head>
<body>
<h1>Loading...</h1>
</body>
budman@ubuntu:/tmp$

Have your buddy wipe this thing, have his host wipe his account, etc. And start over!! The date on that file is today

ftp> ls

200 PORT command successful

150 Connecting to port 52173

drwxr-x--- 15 snipped 99 4096 May 26 13:20 .

drwx--x--x 19 snipped snipped 4096 May 27 01:11 ..

-rw-r--r-- 1 snipped snipped 397 May 28 08:49 aWFQf.html

edit: Are you from Russia - according to the ftp log, looks like it was upload by some IP in Russia

Sun May 26 13:21:00 2013 0 95.163.xx.xx 406 /home/snipped/public_html/aWFQf.html a _ i r snipped ftp 1 * c

if you lookup that IP that I snipped out just in case its yours?

organisation: ORG-DNJ1-RIPE

org-name: Digital Networks CJSC

org-type: LIR

address: Digital Network JSC

address: 13a, Yaroslavskaya st.

address: 129366

address: Moscow

address: RUSSIAN FEDERATION

and its being updated - here is the last upload of it

Tue May 28 08:49:58 2013 0 95.163.xx.xx 397 /home/snipped/public_html/aWFQf.html a _ i r snipped ftp 1 * c

more edits:

So just grabbed that link that odd page is trying to redirect too.. So unless your into some crazy odd p0rn.. Yeah this box has been compromised. Yeah dude you need to get your buddy to clean up this box ;)

Share this post


Link to post
Share on other sites

Budman -

I have got a confirmation from my friend to clean this off. What would be the best way to wipe off everything and start afresh?

Share this post


Link to post
Share on other sites

Is it a shared account or vps? Do you have ssh and root access?

You need to change ALL passwords right now, that file had been changed yesterday - so they have active access.

I would contact the host and have them clean slate it and create new accounts with different names and passwords to be honest.

edit: I would then make sure that you pay attention to any software like wordpress you put on it and make sure its always on current version. Read up on any security settings for said software your using.

I would not use ftp, but sftp so your never sending username and passwords in clear. And to be honest only allow public key auth. So can not even use a username or password to access it.

If your going to have ftp up and running - then the accounts that have access need to use a SECURE password.. Any ftp server that is online for more than 24 is going to be getting brute forced attempts - this is pretty much a given.

Share this post


Link to post
Share on other sites

checked in through cpanel. this does not have a root acces or ssh. its a shared one. i have been logging in at my office and home so that might show the access to passwords from multiple locations(the public ip in my office is of a different country than my home). plus my friend has been checking into from a different city as well.

I have raised a ticket to the support to wipe this out.. lets see how they respond (or actually 'if' they respond coz the support has not been upto the mark).

Looks it still going to take a while before i can actually get an working FTP space for my files :(

Die Google with your monopoly...Hail Dropbox...

@budman-Cheers again for guiding this through........

Share this post


Link to post
Share on other sites

The address I show for that odd html file with the p0rn redirection was from Russia - are any of the places you access from in Russia?

I would make sure you change any and all passwords and if possible usernames that have access to this host.

You can not enable SSH? It accepted my connection, so its listening on SSH.. My shared host allows for ssh access, not root on the box.. But root as far as access to everything in accounts directory..

Let us know how it works out, if you still have issues with it after its been cleaned - just let me know.. Happy to help.. Not anyone's business, but if files are all "legal" if worse case comes to worse and you just need some storage let me know I might be able to help.. But if anything might be a questionable nature I would have to pass.. Have been using this host for years and years, and I wouldn't want to put anything on their that might loose me my account, etc.

Another option depending on your storage and bandwidth requirements.. You can get some lowend vps for really cheap!! I have one that is only $15 a year. And you can do anything you want with it within reason, its a VPS so you have full root access and can run whatever OS you want.. I think the window based ones are bit more. It has 15GB of space, and 500GB of xfer a month.. So would be very useful for storage and access of say 10 to 14 GB worth of stuff. I just use it a test box for checking network connectivity, secondary vpn connection if my home connection goes down. A different place to bounce dns queries off of, etc.. It does everything I need in a vps for like a $1 a month ;)

Share this post


Link to post
Share on other sites

are any of the places you access from in Russia? - Nope, the only place it is being accessed is from my Office (which has a US ip) and India (where my friend is currently based), so this definetly looks like malicious redirect. I have got my friend to contact the Hosting company and do a clean reset. I checked again and the plan does support SSH on a shared plan. Here is the plan he is using (Cloud 100) - http://hostupon.com/cloud-hosting.php

I would really love to have an FTP space to get going and get the work done, about the content that I want to upload - they are all religious books(like someone puts up a bible for view) that I plan to re-distribute. This will be purely a non-profit initiative, however the copyright does allow the propagation and free distribution if its not for the purpose of sales/earnings. You can pull up any of the books and verify this from the copyright section. I would be putting these books to 100% viewable to all and free to download. Plus I would be redistributing them under the original Author/Title etc and giving necessary credits to the contributors.

So, your space, your call...

Do tell me about the $15 a year - Sounds a great deal! can you forward the details? Also, if you can think of any good dedicated and shared both economical service (a good customer service would be an icing on the cake). Something easy to setup and user intuitive would be what i would look for (since he would eventually want me to handle/manage this for him).

p:s - Stay safe, the weather is upto something serious.

Cheers!

Share this post


Link to post
Share on other sites

$100 a month?? Are they out of their freaking minds??? For a shared plan..

What site is he serving up, thought he was not even using it? The box was so freaking slow trying to even get a ftp dir listing.. Even if was serving up malware to 1000's of users.. Its should have not been that slow.

As to the lowend box option.. Here is the host I am on

http://buyvm.net/

I have the first plan the 128/256 15GB 500GB/month plan.. A bit cheaper than the $1200 a year your buddy is shelling out.. For something he doesn't use??

Good luck..

Share this post


Link to post
Share on other sites

100/month? Yikes..

Mine is less than $20 a month for my unlimited plan..

It was expensive a long time ago and now they are offering hosting for cheap these days.

But if you want to have dedicated servers, then it could cost you a lot more depends on the package/features you choose. If you choose this package, then make sure you have enough money on the long run in case you need to add more space in near future (or bandwidth.)

I remember back in old days when the internet/domains started.. the domains was about 50/year... now, the domains can be purchased for around $7 depends which provider you register it on.

OP, do not use FTP through the browser.... it's a no no... unless you download the files from anonymous FTP sites which you click on the link to download a file from. Use a FTP client from now on.

You can use FTP client to back up your data before you move to your new hosting provider so you won't lose it... some provider have the backup ... you can ask for a backup from specific date before your site was hacked with bad files or whatever you guys mentioned in the recent posts..

Share this post


Link to post
Share on other sites

I forgot to mention.. he got it for $89/year..some offer or so...he did had a good travel portal maintained which he scrapped later on but for no reasons though of continuing this plan. hoping to make use of it... !

Thanks folks for the plans.. I guess its time to ditch the current host, and start a fresh one..

Cheers!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.