Tag Archives: FTP

Security, Software, Technology, Web Hosting

Which is the best up-to-date FTP client to use?

If you’re a heavy user of the File Transfer Protocol (FTP), for example more than once a week and more likely on a daily basis, then how do you go about choosing your FTP client?

I’ve pulled up three very recent articles today on the most up to date rollouts and feature sets of FTP clients, hopefully that can help you determine which one suits your needs best. Whether you are a Mac OS user, a light user like myself, or a heavy user  familiar with Linux/Unix Command Line code.

FileZilla 3.7.0 improves FTP performance


FileZilla 3.7.0 improves FTP performance | How to Grow Your Business Online | Scoop.it
From betanews.com – Today’s news

Open-source FTP client FileZilla 3.7.0 and FileZilla Portable 3.7.0 have both been released. The new build now allows users to view the total transfer speed as a tooltip over the transfer indicators, and replaces the depreciated term SSL with TLS.

Juliana Payson‘s insight:

There are a lot of FTP Client Programs available to choose from for you to Transfer files, but one that stands out of the Crowd is “FileZilla” which is an FTP client that works on any operating system. It was started as a computer science project by Tim Kosse and two classmates. They decided to release the code for the public use, and they licensed it. There have been minor updates to the software today that improve it’s security. Continuous rollouts like this I’ve noticed from Filezilla make it a big choice of comfort for users like myself who probably use FTP clients no more than once a week.

If you’re looking for something a little more in-browser friendly, since you may already be maxing out processor usage with high tech desktop client software, then maybe FireFTP is the client for you.

 

FireFTP is a Powerful Firefox FTP Client You Can Use in Your Browser


FireFTP is a Powerful Firefox FTP Client You Can Use in Your Browser | How to Grow Your Business Online | Scoop.it
From www.makeuseof.com – 3 days ago

If you’ve ever done any sort of web management, then you’ve probably used FTP at some point or another. Most web hosts will have a primitive file uploader than you can use straight from your browser, but those are often a pain in the butt to use.

Juliana Payson‘s insight:
FireFTP doesn’t skimp on its feature set, which makes it a strong and viable alternative to other clients like WinSCP and FileZilla.

I used to be a big user of Firefox, and am also now inclined to use more cloud hosted software that can run from my browser opening up more of my laborsome laptop to more serious software applications. This seems like a great idea to me, except that I haven’t yet found a viable alternative for users that have switched over to Chrome. Please let me know if you find one!

In the meantime, here’s some awesome tips for Mac OS users:

Options for file sharing via SSH in OS X


Options for file sharing via SSH in OS X | How to Grow Your Business Online | Scoop.it

From reviews.cnet.com – 10 months ago

Apple’s Remote Login feature in OS X can be used for securely transferring files using several protocols. Read this article by Topher Kessler on CNET.

Juliana Payson‘s insight:

Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. Topher presents a handy guide with screenshots to show you how you can access your server through the SFTP protocol. As with the SFTP protocol, using the command line to establish the connection may be cumbersome, but fortunately there is a tool called “Macfusion” available that can be used to store common server settings

Please point me in the direction of your favorite FTP clients in the comments below. – Juliana

 

 

 

Security, Software, Support, Web Hosting

The Case Against FTP & for SFTP

 

Secure FTP (software)

FTP (File Transfer Protocol) clients are standard parts of many web hosting packages. We even have them in ours. Host services include FTP because people are looking for it – but it’s not necessarily the best tool to use for your site. The reason it’s a questionable protocol is simple, as is switching to a replacement solution, SFTP (Secure File Transfer Protocol). All this will be discussed below.

For this article, I looked at various pieces from around the web, including “Why You Need to Stop Using FTP” from JBDFu.com, “Security Issues in FTP” from raditha.com, “FTP, SFTP and FTP/S” from InformIT, and “Backdoor (computing)” from Wikipedia.

FTP is not all bad. It is built on TCP, so it checks for errors and monitors for integrity. However, the basic problem with FTP is that it does not have the same security as SFTP does. We spoke similarly, in a recent blog post, about SSH (Secure Shell), another way to interact between machines securely. It’s common sense that choosing less secure methods to communicate and transmit data is suspect … well, depending what you’re doing.

FTP has good company in sending data out in the open. Other protocols that send unencrypted data are POP, IMAP, and Jabber. All things equal, though, secured is better than unsecured, right? After all, regardless if or how someone might use your data, isn’t there a creepiness factor about someone looking at your stuff?

Speaking of your “stuff,” maybe this is a good way to put it: Sure, leave your windows and blinds open sometimes if you like. But when the real gets real, when you’re having a private conversation with your divorce lawyer or making babies with your wife (hopefully in the reverse order) and all your “stuff” is out in the open, secure the perimeter. Simply put, FTP is peeping-Tom friendly, and SFTP is not.

What FTP Has in Common with Telnet

OK, the JBDFu.com gives a pretty clear understanding of why straight-up FTP is not preferable. It was invented in the early 70s. Oh, the 70s. They were a blissful time, when all we had to worry about was … our clothes and how we were painting our walls and designing our homes and buildings. We didn’t have any time to think there might be kill-bots trying to steal all our information and our souls if we freely streamed data between two points. Passwords, anyone? Who gives a s%$&, nobody wants it.

OK, so quick review of Telnet entitled

Telnet: A Magical Program that You are Bound to Love Forever!! Hurray for Telnet!!

OK well, I don’t know what the point of the title is, but Telnet … [sound of my throat clearing] Telnet is thirty years old. It’s outdated. It has the same unsecured problem that FTP does. Let’s talk about the unsecured issue within FTP in further detail.

Enter SSH

OK, so Telnet, mid 70s, no encryption. In the mid-1990s, people started switching over to SSH (Secure Shell). In other words, Telnet was recognized as being an inferior technology, and we moved on. Somehow FTP has stuck. It’s an established standard. There are tutorials all over the place telling us to use an FTP client to do such-and-such. Ideally, we don’t want to transfer or access files with FTP, though, because it has the same issues as Telnet re: security.

“Use an FTP client to do this.” “Use an FTP client to do that.” Everybody’s saying it to us all the time. It’s not an accident. You know why? Do you? Really, you do? I doubt you do. Are you sure? You think you know why? You do? Hm, we seem to be talking in circles. Lean your head toward me so I can whisper it to you in case a military surveillance aircraft flies by. “I often use this technique to allow me to whisper to people. It’s a really disgusting habit.” You heard it here first.

What’s wrong with FTP? It means well.

Basic issues with FTP:

  • Passwords 4 Free: It doesn’t encrypt passwords during transmission. What’s the point of a password if it’s not encrypted for transit? Seems kinda pointless. Like you lock the door and then leave your key under the mat. The protocol only allows the server to process login details as plain text. Partially due to this, the root account of a server typically is not usable for FTP or Telnet (which, again, has the same issues).
  • Data Free-for-All: Data transmission is not encrypted. Now, this does not necessarily matter, but be aware at all times that it’s easy for people to see what you’re doing. FTP should feel like a public rather than a private place. Also, since FTP is often used to upload files to web servers, getting into your account isn’t just a matter of reading it, as when someone gets into your email account. Access means they can change your website. Nobody wants “Bobby Lou Was Here” scrawled across the top of their website (except for Bobby Lou, that is).
  • Open the Hack Door: FTP servers that are publicly available have had hackers change the code and create backdoors (which are intrusions that allow an outsider to enter a server unnoticed and often involve implantation of software for spying purposes). Backdoors are often not found for lengthy periods of time – years sometimes.
  • We Have Bug Problems: Some of the more commonly used FTP servers have reputations for being buggy.
  • Um … This is Hard: An additional port is needed to perform transfers. This structure makes port forwarding and firewall admin more difficult, and those two components are crucial to increasing the speed so FTP isn’t sluggish.
  • Don’t Destroy the Evidence: Login details are stored in files on the client’s hard drive, unencrypted, in plain text. In other words, login details aren’t just unsecure during transit. They’re part of a paper trail that is automatically backed up on your computer.

Example Scenario

So as described above, everything passes through via FTP as clear text. That includes all the login credentials, and that’s the most glaring issue. However, downloading of files presents additional problems. You can’t ever really know if an ecommerce site is safe with your information, for example.

So, picture this, my friend: You go in to buy a product on a small website, such as a large blue vase with an image of naked men wrestling (which you’ll tell your wife you purchased purely for aesthetic purposes). They have a high-quality SSL certificate, maybe even an EV (“extended validation,” green bar) one. You think you’re fine. Input your credit card details. OK transfer successful, via SSL. You’re good. Then an administrator for the site pulls all the billing info from the site using an FTP client.

In other words, FTP can cause problems even when someone has safely transmitted their data to you. It’s not just about the client’s card information. It represents the potential for holes in your system. Swiss cheese is delicious, but I don’t trust it either.

Alternatives to FTP: Following Protocols

OK so again, FTP is not without its merits but it does not have the security we want for our passwords and much of the data we upload and download onto our website or network. Here are a few alternatives:

FTP/S: This is not SFTP. It provides secure authentication (integrity re: login credentials) and can also secure data transfer, both via SSL encryption. This protocol is not very popular because, as its name kind of suggests, it involves taking FTP and adding an SSL to the equation. In that sense, FTP is to FTP/S as HTTP is to HTTPS, loosely speaking.

You need an SSL certificate, which means you either have to create one yourself and get it set up correctly or buy one to use. It’s just a little annoying and can bear a small expense. It’s also not as easy to set up as some of the other methods are.

SFTP: OK, so let’s look at our winner. SFTP is probably the best alternative to FTP for four reasons.

  1. Secure Shell foundation: SFTP can be tied – optionally – into SSH, which is widely used and trusted for data encryption and transmission.
  2. Yes, it is a popularity contest: Because SFTP is popular, it’s easy to find free software that’s compatible with your OS.
  3. No sweat: Easy to operate and maintain. Typically you can have an SSH server  double as an SFTP server. SSH installation is quick too.
  4. Use of keys: With keys, everything is automated. The whole interaction is encrypted from beginning to end.

SCP: SCP, also known as Secure Copy, is similar in some ways to SFTP: it allows secure copying/transferring of files. SFTP can use SSH, but it is not reliant on that protocol; SCP, however, is reliant on and tied to SSH. SCP can be used for a number of different functions, including system tasks. SCP is more of a security concern – specifically because of its capabilities. The safest way to transfer files, then, is SFTP. Working with shell accounts, however, can be accomplished with either SFTP or SCP.

TP: Toilet paper is typically not recommended for secure connections. It should be kept in the bathroom where it belongs. Toilet paper should not be jammed into a server. It should not be turned into digital software and used to wipe a backdoor. One reason TP does not work well as a secure file-transfer protocol is that it is made out of tissue rather than code, so it doesn’t contain any encryption. Also, sometimes you run out. While you’re driving to the store to get more, you’ve opened the window for malicious entry.

Summary & Conclusion

So, SFTP: Think about it people. Make it happen. Remember, even if the particular data or files you’re working with at a given time are not sensitive, your password itself can easily be stolen using FTP. That means it’s never secure for sensitive situations. If you have any further thoughts or advice related to this, please comment below.

by Kent Roberts and Richard Norwood

Web Hosting

What is FTP? How do I use it? What am I doing? Where am I?

 

Gartoon-fs-ftp

FTP stands for File Transfer Protocol. We typically think of FTP in relationship to web hosting. A webmaster uses FTP to move files from a PC onto a server so that the file can be referenced via the site and accessed by online traffic. FTP is used in any situation in which a network administrator or other individual is moving files from one device to another on a network.

FTP can be used to move files between two different accounts within a web service, between a PC and an online account, or to upload or download archived files that are located on an FTP site on the Internet. Note that, per Indiana University, “many FTP sites are heavily used and require several attempts before connecting.”

Additionally, FTP is not just used by web hosts but by anyone who uses the Web regularly, so keep that in mind when reviewing Statistics about the internet. FTP is integrated into many websites as a way to transfer files online. FTP is simple, secure, and commonly recognized. Whether you are downloading a song or uploading a picture to eBay, you are generally using FTP whenever you move a file on or off the Web.

I wrote this article with reference to anonymous pieces from Indiana University and File Transfer Planet, each of which gives a general idea of how FTP operates and how to use it.

A word of warning: FTP may at first seem innocuous, then, and like a much safer alternative to trying to get pregnant, smoke crystal meth, and tandem bungee jump simultaneously. However, in the computer science field, transferring files using FTP is broadly recognized to be a gateway experience to the fertilization/meth/bungee trifecta, so whatever you do, be careful.

How FTP works

Most of what we do online is built into interfaces that create a façade over what we are actually doing. Uploading “to the Internet” and downloading “from the Internet” actually means that we are moving a file from our computer to a server/computer or grabbing a file from another computer/server and moving it to our own.

Recognizing this process helps us understand conceptually that the Internet is not one entity but truly a “web” of many different computers and files functioning in conjunction within a structure with a common language and address system. It also helps us realize how easy it is to contract a virus or other malware when downloading a file – we’re literally grabbing something off a computer that oftentimes is a “stranger” device to us.

We generally do not know where the computers or servers are located with which we are interacting. We do typically know the Web address and the company – who is responsible for the data – but not where they are. If we try to figure out where the servers are, even if we think about it for one second, immediately our computer shuts down and smoke starts coming out of it. Sometimes the smoke smells like burning plastic, and sometimes it smells like marijuana (the latter of which is cause for greater concern because it suggests Rastafarian infiltration of our motherboard).

FTP and HTTP both are types of Internet addresses. They look very similar with the exception of their prefixes (http vs. ftp):

  • Typical Web URL: http://www.helloihavecometoeatyourchildren.com.
  • FTP URL: ftp://ftp.yourchildrentastedreallygoodthankyoumaam.com.

Generally speaking, an FTP site and FTP server are specifically designated for that task (as opposed to being used to host general Internet or Intranet content, etc.). So then two types of servers and sites used for Internet purposes are the following:

  • Web server / Website
  • FTP server / FTP site
  • Third button containing no useful information, just nonsense words.

Online filing cabinet

Per the description of File Transfer Planet, FTP is essentially what happens when you bring a filing cabinet online. Similarly to with a filing cabinet, you can name the files and folders whatever you want with FTP. Additionally, whatever files you want can be available for public viewing and downloading, or protected for private purposes or access by people with certain login credentials and privileges.

The same as with a filing cabinet, you have a key to get onto an FTP machine – your username and password. Typically when a person is making FTP files accessible publicly, the following credentials are used:

  • Username: anonymous
  • Password: your email address (eg, ienjoyricepudding@actuallyidontlikeit.biz)

If specific login permission is needed, you will be given your own username and password, as will be the case with anyone else using the system.

Also, publicly accessible FTP servers often do not ask for login credentials: login is automated. When you click to download a file, ie transfer it from another computer to your own, you are typically logging onto the FTP server anonymously to perform the transfer. Often you or whoever the user is does not know the login is occurring: it’s just built into the code to occur prior to activating the download.

You can interact with an FTP site/server via a Web browser (such as Firefox, Chrome, Internet Explorer, or Safari). You can also implement FTP with what’s called an FTP client, a piece of software specifically designed for FTP transfers. These clients are simple, standardized programs that are often free. They differ primarily in the way that their functionalities are organized – how user-friendly their interfaces are and how well their menus and features are organized.

The difference between using a browser and an FTP client is that a browser will not always function as smoothly as will a program dedicated specifically for the task. Also downloads are not standardly filtered or encrypted as they often are when you are using a quality FTP application. FTP programs also come with additional features. Note that secure, encrypted FTP is highly preferable and is mandatory for uploading to many networks. Indiana University’s, for example, requires a secured client, ie one that uses SSH or SFTP.

An example FTP client feature is the ability to pause a download/upload and resume it at a later point, a feature that can be useful when you are dealing with extremely large files. I often use this feature when I am downloading everyone’s tax returns in late April from the IRS servers so that I can start using their intimate details to apply for auto and home loans, build my portfolio, and then sell everything rapidly to shadowy foreign investors.

FTP Client – standard set-up

FTP clients allow transfer between two pieces of hardware online. Typically these programs are used when working with a hosting company. They allow the webmaster to move files from the local computer or network onto the hosting company’s network. Once you install an FTP client on your computer, as long as you have access to the Web, you can use it to transfer files (again, very similar to a browser).

A standard FTP client has two panels within a GUI (graphical user interface). Sample programs for Mac & Windows:

  • Windows: WinSCP
  • Mac: Cyberduck

You can see and organize everything that you are doing more easily within one of these clients. Basic instructions for use of one of these programs are as follows:

  1. Input your FTP host (ftp.letsallrunaroundnakedandscreaming.gov) and your login credentials.
  2. When going onto a public or otherwise anonymous FTP server, you may be able to leave these fields blank or input “anonymous” & email address as described above.
  3. On the left you will see what is on your own local computer or server. On the right, you’ll see the files that are on the remote computer or server.
  4. You can move the files from one device to the other by dragging them (just as you do with the bodies in your night job at the pet morgue, even though it’s against protocol, but all bets are off if Tony is taking a smoke break, which means about 50% of the time) or by highlighting and then clicking an arrow button indicating that you want to move it.

You may also be able to move a number of different files at the same time, automatically resume a previously initiated upload/download (discussed above), queue (i.e. put a number of different transfers in an organized line), schedule (i.e. time uploads to automatically occur at different points on a calendar), search, synchronize, and create/implement scripts of code.

Using a browser – when it makes sense

As stated above, using a browser is not recommended for general FTP use because it is not secured. However, in a pinch, sometimes using the browser makes sense. Connect to an FTP server exactly as you would to a typical site/server, using an FTP rather than an HTTP address.

Note that one time that FTP transferring via the browser does make sense is if you are scanning through a large directory and want to efficiently transfer in or out using the information presented on the webpage. The browser automates some of the connection and transfer details as well, simplifying the process. Not so good regarding browsers:

  • Slow (like Uncle Frank)
  • Unreliable (like Uncle Billy)
  • Less Functionalities (like Uncle Ron)

Connecting to an FTP site is performed as follows using the browser, in the web address field:

  • ftp://username@ftp.letsallrunaroundnakedandscreaming.gov

Using the command line

Each of the different operating systems has a command-line program built into the system that allows for FTP. Obviously this method requires more expertise. To start using FTP at the command line, enter the following, for example:

  1. ftp ftp.letsallrunaroundnakedandscreaming.gov
  2. Your login credentials – either your own personal username and password or “anonymous” and your email address, as described above.

Summary & Conclusion

File Transfer Protocol (FTP) is a simple, standardized system for transferring files from one device to another. If you are using FTP for a website, you will probably want an FTP client so you have a graphical interface with which to easily see and organize your transfers (along with benefits of scheduling, queuing, etc.). However, you can also use a web browser or the command line to perform FTP transfers. All FTP clients are more dependable than the male members of your extended family, whereas Billy is more reliable than Google Chrome, Ron has a higher number of functionalities than Firefox, and Frank is faster than Internet Explorer.

by Kent Roberts and Richard Norwood