Setting up Bulletproof FTP server

Discussion in 'QnA (read only)' started by sara2002, Oct 16, 2004.

Thread Status:
Not open for further replies.
  1. sara2002

    Setting up BulletProof FTP Server

    You'll need this software:


    CODE
    ftp://bullet:bullet@82.69.12.18:10000



    and these instructions (just in case you wouldn't know an ftp server from a hole in the ground).

    I'll assume that you've installed BulletProof and set up a couple of folders on your hard drive, let's say c:/ftp with subfolders c:/ftp/software and c:/ftp/upload.

    Open BulletProof and click on the single-face icon on the row, sixth from the right (User Accounts). This brings up a second screen where you can set up the accounts. Right-click in the white space over on the right and select Add. Pick a username, which we'll call Jarmin. Okay that and you'll see that the username appears in the middle-bottom row of boxes, in Log-in. If you want people to log-in with a name and a password of your choosing, delete the password provided and choose one.

    Right-click in the big box named Access Rights, and click Add. This is where you select which part of your computer people have access to and what kind of access they have. Browse to your c:/ftp folder then look at the row on the right, where it says Files and Directories. Most of these are self-evident - in the Files section everyone is going to need Read access so you can check that. Write access is necessary only if you're allowing people to Upload files to you. Delete probably won't be needed (why would you want someone deleting files, except the RIAA possibly?). Append is important and should be checked - this gives the up/downloader the ability to Resume in the event of the server or their machine getting cut off somehow.

    In the Directories/Folders section only select Make and Delete if you want people to be able to create or get rid of folders. Personally I consider that your provision of an Uploads folder covers that - if everything is uploaded to the same place, it makes it easier to virus scan before moving it into its own folders within your c:/software folder. List and Sub-dirs are pretty self-evident too. If you don't check these, no-one will be able to see the folders beneath c:/ftp.

    I generally check 1, 2 and 4 in the top list and 2 and 4 in the bottom. When you've made your selections, click Select.

    Bear with me. We're nearly there...

    Go to Miscellaneous and check Enable Account and Enable time-out. The first is obvious, the second less so. For some reason, the nature of which escapes me completely, some people seem content to get connected to an ftp server then sit there for hours on end doing sod all. A thing called a NOOP command keeps the connection alive. If you do what most sensible people do and limit the amount of people who can connect to your machine at any one time (thus ensuring reasonable up/download speeds for everybody) the last thing you want is some dick sitting there taking up unnecessary space that somebody else could make use of. Enable the time-out then (I set mine at 300 seconds, giving these fools five minutes to annoy me then push off). At the same time UNcheck Allow NOOP command down at the bottom of this section.

    Set the maximum number of users and the amount of connections they can have each. I'm a real thug here - I tend to set both of these to 5. You could try the Max Users on 10 to start with (if you've got good speed) then reduce it if necessary.

    Check Show relative path - click on Okay and you're back on your start screen.

    Go to Setup/Main and click the two items on the top line then check Limit User/Pass to 10 tries and select Kick. That just means someone who continues to try to make connections after they've reached the max you'll allow will be booted - temporarily.

    Go to Advanced and check Server allows Uploads and downloads (or whichever you choose). Set Server priority to High. Check Block server to server transfer. God knows what that really means but I'm told you should have that checked.

    Play at being God for a moment. You'll soon notice that some people will attempt to get on when the server is full but instead of going away and coming back later like any other rational human, they'll hammer constantly until (they wish) they get in. This doesn't achieve anything except to annoy the server owner (you) and slow things down so get your revenge by setting up the Anti-hammer. Mine is set to block for 10 minutes if there are more than 10 attempts in 45 seconds. This implies that an ftp client has been set to hammer your machine until you let it in. Block 'em. If they continue to hammer even after being blocked (and they will have received a message at their end telling them they are blocked) use your firewall to lock out the IP.

    If you have a static IP number, put it into the big box in the Dynamic IP section but DO NOT check the Enable IP changes monitor box.

    Check Okay.

    I never use any of the rest of the settings at all but obviously you'll want to take a good look through them and find out more, but basically you're ready to rock at this stage. If you want me to check it out (and make sure you haven't offered your entire hard drive to the world), send me a PM or email at ketlan@gmx.net.

    When you want to allow access, you can do it two ways


    CODE
    ftp://nn.nn.nn.nn/



    User - Jarmin
    Pass - Jarminspassword

    or if you want to allow a user access ONLY to a specified file, you follow this form


    CODE
    ftp://Jarmin:Jarminspassword@nn.nn.nn.nn



    (having already specified precisely which file Jarmin is allowed access to in User Accounts/Access Rights).

    I forgot to mention - if you check in Setup/Main/General, you can easily change the port number that the server uses - handy to avoid scanners that are looking for ftp ports specifically and for ISPs that don't approve of us people who pay them for our access running servers - best not to use 21 then. If you do this, you'll have to change the way you show your links. The two examples from above would have to be changed thus:


    CODE
    ftp://nn.nn.nn.nn:portnumber




    CODE
    ftp://Jarmin:Jarminspassword@nn.nn.nn.nn:portnumber



    portnumber being anything that doesn't conflict with anything else on your system. I just changed mine to 10000, which doesn't seem to be used for anything else.

    That's it - just post your server address here and away you go!
    .................

    Further to the section above, here are some server ports you would probably do well to avoid. Bear in mind that whichever port you decide to use (and select), the port number below it is also used - one is in and the other out.

    Ports below 1024 are defined by the IANA. They are referred to as the Well-Known Ports.

    20 FTP data (File Transfer Protocol)
    21 FTP (File Transfer Protocol)
    22 SSH (Secure Shell)
    23 Telnet
    25 SMTP (Send Mail Transfer Protocol)
    43 whois
    53 DNS (Domain Name Service)
    68 DHCP (Dynamic Host Control Protocol)
    79 Finger
    80 HTTP (HyperText Transfer Protocol)
    110 POP3 (Post Office Protocol, version 3)
    115 SFTP (Secure File Transfer Protocol)
    119 NNTP (Network News Transfer Protocol)
    123 NTP (Network Time Protocol)
    137 NetBIOS-ns
    138 NetBIOS-dgm
    139 NetBIOS
    143 IMAP (Internet Message Access Protocol)
    161 SNMP (Simple Network Management Protocol)
    194 IRC (Internet Relay Chat)
    220 IMAP3 (Internet Message Access Protocol 3)
    389 LDAP (Lightweight Directory Access Protocol)
    443 SSL (Secure Socket Layer)
    445 SMB (NetBIOS over TCP)
    666 Doom
    993 SIMAP (Secure Internet Message Access Protocol)
    995 SPOP (Secure Post Office Protocol)

    Ports between 1024 and 29151 are known as the Registered Ports. Basically, programs are supposed to register their use of these ports and thereby try to be careful and avoid stomping on each other. Here are some common ports and their programs.

    1243 SubSeven (Trojan - security risk!)
    1352 Lotus Notes
    1433 Microsoft SQL Server
    1494 Citrix ICA Protocol
    1521 Oracle SQL
    1604 Citrix ICA / Microsoft Terminal Server
    2049 NFS (Network File System)
    3306 mySQL
    4000 ICQ
    5010 Yahoo! Messenger
    5190 AOL Instant Messenger
    5632 PCAnywhere
    5800 VNC
    5900 VNC
    6000 X Windowing System
    6699 Napster
    6776 SubSeven (Trojan - security risk!)
    7070 RealServer / QuickTime
    7778 Unreal
    8080 HTTP
    26000 Quake
    27010 Half-Life
    27960 Quake III
    31337 BackOrifice (Trojan - security risk!)

    List pinched from Astaforum a while back (thank you to whoever posted these originally).

    Ketlan
    .......................

    Router addendum

    by flh75

    Ketlan requested that I post this amendment to his post about setting up Bullet Proof. There may be mistakes; remind me if there are.

    Ketlan & I have been communicating about how to set up Bullet Proof FTP Server in the last little bit. This little tutorial is strictly for routers, Ketlan has covered the rest of it. Let me say that I am on a Belkin 4 port router and this may or may not help in other brands of routers. I tried a few months ago to set it up with no luck and gave up on it. I read so many pages and there wasn’t a whole lot of hope to go on. Routers are quirky creatures to begin with especially with the setup of DMZ zones, etc. Most or all (not sure about this) use NAT (Network Address Translators) which will in itself give you fits. Today, I finally succeeded in setting up a server after many frustrating hours of research and trial and error. I personally have my built in firewall turned off on my router. To do this, you will have to go to the manufacturer's site or your user book to find out how to do this. From what I read, most of them give you an address to type in your browser such as 192.168.2.1:XX for all settings.

    Ketlan has excellent procedures above and it is not bad to set up unless you are in a situation like I was; behind a router. I might also mention that I do not have my XP firewall turned on and did read where that could create a problem in some instances. The first priority is finding a host that will direct your clients back to the server IP that you intend it to go to. I used No-IP Free located at h**p://www.no-ip.com/. It might take a few minutes up to a few hours for it to register, so be patient with that. After you register (short and sweet and if you don’t want to use your protected mail client, use a web based email server such as yahoo or hotmail), you will need to pick out what type of client you want added. There is a variety to choose from and you can add more than one, but I chose ‘.org’ for mine. At this time, you will need your ACTUAL IP address and not the one that is cloned or generated by your router. There are many clients on the web who will check it for you such as h**p://toms-world.org/IPFinder.php. You will have to have this in order for this particular service to route all IP’s back to this one. Give it a while (mine started in about 5 minutes, but that’s not a guarantee) and then finish setting up Bullet Proof. Under the ‘setup’ tab, (assuming you have everything else right), click the ‘Multi IP Settings’. Under the home IP, you will have to add your router generated IP address. To find this in XP (not sure about other operating systems, this is what I am running), open up a command prompt, type in ‘ipconfig/all’ and it will show you the IP that it has cloned or generated for you. I also checked the option to ‘Listen only to IP’s matching this address’ for a precautionary feature.

    Under the same tab (‘Multi IP Settings’), click the ‘Passive Mode’ tab. I have ‘Use passive mode IP’ checked. I also have ‘Dynamic IP’ checked which resolves host names such as ‘yourname.org’. There is where you will have to put the name of the server redirecting your IP from the No-IP server you have chosen. In the same view, you will also see an option for Passive Port settings. This was the trick that got mine up and running. As Ketlan explained above, choose the safest possible port. He has put many on the list and I am sure you can find a safe one by searching on pages that have lists of them. I personally used 8888 to 8890 and it finally took off with that setting. Bullet Proof has a good tester located at h**p://www.bpftpserver.com/?page=ftptest. This is recommended before you assign user names, etc. If you get into the folder names that you assigned the test user, then you have succeeded. WARNING: Make sure you have everything set up correctly or you will regret ever having one set up. As I have been typing this, several attempts have been made to access my server. I hope this helps someone and if you want to add to it or find mistakes, be my guest. I think I have the main issues delegated here.

    n.b. Here is a good visual page with some aids that might help someone out with the setup.
    Code:
    
    http://www.geocities.com/setupftp/bp.html 
    
    
    ..........................
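The anti-hammer rule in the post above (block for 10 minutes after more than 10 attempts in 45 seconds), written out as a sliding-window check. This is an added example, not part of the original post and not BulletProof's own logic; the log format, function names and sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds quoted in the post: more than 10 attempts in 45 s -> 10 min block.
MAX_ATTEMPTS = 10
WINDOW = timedelta(seconds=45)
BLOCK_FOR = timedelta(minutes=10)


def parse_line(line):
    """Parse a constructed log line: '<ISO timestamp> CONNECT <ip>'."""
    stamp, verb, ip = line.split()
    if verb != "CONNECT":
        raise ValueError(f"unexpected record: {line!r}")
    return datetime.fromisoformat(stamp), ip


def anti_hammer(lines):
    """Return (blocks, rejected).

    blocks: list of (ip, blocked_at, blocked_until)
    rejected: per-IP count of attempts made while blocked, i.e. clients
    still hammering, which the post says to lock out at the firewall.
    """
    recent = defaultdict(deque)      # ip -> timestamps inside the window
    blocked_until = {}               # ip -> end of the current block
    blocks, rejected = [], defaultdict(int)
    for ts, ip in sorted(parse_line(l) for l in lines if l.strip()):
        if ip in blocked_until and ts < blocked_until[ip]:
            rejected[ip] += 1
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:    # drop attempts older than 45 s
            q.popleft()
        if len(q) > MAX_ATTEMPTS:    # "more than 10": the 11th attempt trips it
            blocked_until[ip] = ts + BLOCK_FOR
            blocks.append((ip, ts, blocked_until[ip]))
            q.clear()
    return blocks, dict(rejected)


# Constructed sample: 203.0.113.7 retries every 3 s, 198.51.100.4 every 30 s.
START = datetime(2004, 10, 16, 12, 0, 0)
SAMPLE_LOG = [f"{(START + timedelta(seconds=3 * i)).isoformat()} CONNECT 203.0.113.7"
              for i in range(20)]
SAMPLE_LOG += [f"{(START + timedelta(seconds=30 * i)).isoformat()} CONNECT 198.51.100.4"
               for i in range(5)]

if __name__ == "__main__":
    print(anti_hammer(SAMPLE_LOG))
```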
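A check for the passive-mode settings described in the router addendum above: it parses the server's passive reply and reports whether it advertises a router-generated (RFC 1918) address or a port outside the 8888 to 8890 range. This is an added example, not part of the original post; the `227` reply layout comes from the FTP specification (RFC 959) rather than this page, and the function names, sample replies and public address (a documentation-range value) are constructed.

```python
import ipaddress
import re

# Passive port range used in the router addendum: 8888 to 8890 inclusive.
PASSIVE_PORTS = range(8888, 8891)

# Router-generated (private) ranges that outside clients cannot reach.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 959 reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 passive reply: {reply!r}")
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in: {reply!r}")
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2


def check_pasv(reply, public_ip, passive_ports=PASSIVE_PORTS):
    """List the problems a client outside the LAN would hit with this reply."""
    ip, port = parse_pasv(reply)
    problems = []
    if any(ip in net for net in RFC1918):
        problems.append(f"advertises router-generated address {ip}")
    elif ip != ipaddress.IPv4Address(public_ip):
        problems.append(f"advertises {ip}, expected {public_ip}")
    if port not in passive_ports:
        problems.append(f"port {port} is outside the configured passive range")
    return problems


# Constructed replies: one as seen with the passive IP set, one without.
GOOD_REPLY = "227 Entering Passive Mode (203,0,113,10,34,184)"
LEAKY_REPLY = "227 Entering Passive Mode (192,168,2,5,4,15)"

if __name__ == "__main__":
    for r in (GOOD_REPLY, LEAKY_REPLY):
        print(r, "->", check_pasv(r, "203.0.113.10") or "ok")
```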
    
    
     
  2. amitsaudy

    Mate.
    All of your posts are too lengthy.
    I'm saving all of them on my HDD for offline viewing.
    It seems you had been doing a lot of research before joining the forum.
    I apologise if I sounded rude to you in my previous replies.
    Was in a very bad mood an hour ago.
     
  3. ice

  4. troubleshooter

    Problemo

    I have set up BulletProof FTP server before also, but the problem is only the people on my LAN can access my server, not other people, say, who live in Calcutta or even in Mumbai who use other ISPs. I have a Hathway Internet Cable connection.
     