woops wrong group he posted in my other group: A while back we did a server upgrade, and the new FTP server tool we use requires a non-encrypted FTP (no SSL or TLS) connection with the user name 'anonymous' and no password (not even your email). That is the only way anonymous FTP works any more. If you use a browser and go to ftp://ftp.whtech.com, you can use 'anonymous' as the user, with no password as well.
Alternatively we set up an http/https connection too... http://ftp.whtech.com and https://ftp.whtech.com . Both of which mirror the FTP just like you were connecting via FTP. The new FTP server was in response to the constant barrages of bots trying to break into the server via insecure known FTP exploits. Not that they could have done any damage since everything from the public site is read-only, it was quite annoying. Sometimes we'd see 20-30,000 failed logins a day with all sorts of dictionary attacks. Now, if any IP fails logging in 5 times it's banned. Hope this helps for everyone!! Don (still lurking in the shadows, lol) On Mon, Apr 23, 2018 at 9:43 AM, Gregory McGill <[email protected]> wrote: > yep and as I stated in a post in this group it is because the haxxors are > constantly attacking his ftp site.. not because he "cant" > > > On Mon, Apr 23, 2018 at 5:51 AM, Josh Malone <[email protected]> > wrote: > >> The root problem is is that Lizard Hill is not obeying the anonymous >> FTP "standard". By convention, anon FTP uses "anonymous" or "ftp" as >> the login and an email address as the password. By insisting on an >> empty password, LH is breaking decades of FTP convention and the >> browsers aren't coping well. I'm very surprised that they can't fix >> this on a single line in the config file. >> >> -Josh >> >> On Sun, Apr 22, 2018 at 6:57 PM, Daryl Tester >> <[email protected]> wrote: >> > On Sun, 22 Apr 2018 11:05:29 -0700, Gregory McGill wrote: >> > >> >> best to use http://ftp.whtech.com or https://ftp.whtech.com then with >> that >> >> browser >> > >> > >> > It's good to see the FTP site has been mapped onto http/https - that I >> > hadn't realised. Thanks for that! >> > >> > I normally use a real FTP client, because I've seen first hand how spack >> > the web browser implementations can be (given as it sounds like the >> hosting >> > provider has something like fail2ban running, which will lock out an IP >> > address with too many unsuccessful login attempts), but I understand the >> > convenience factor of why people use browsers. >> > >> > Cheers. >> > >> > >
