The default FTP ports are:
FTP control 20
FTP data 21
Therefore, a server left in its default state is easy to enumerate. If you want to improve the security of the FTP server, changing the port is a necessary first step. We recommend FTPS (FTP over SSL), which encrypts the transmitted password and data and is relatively secure. The default ports for this method are 989 and 990.
FileZilla is a very popular free, open-source FTP client and server project. Its main advantages are high security and high performance. FileZilla's security comes from its open source code. Its high performance comes from its development platform, C/C++, which is far better than that of other applications developed on the VB/Delphi platforms. As a result, FileZilla performs on a par with IIS: on gigabit network bandwidth, it can easily serve hundreds of users downloading at high speed simultaneously. FileZilla currently also has some shortcomings. Its main disadvantage is that it does not support quotas; that is, it cannot limit the total size of files uploaded or downloaded.
FileZilla Server consists of two parts. The first is the FTP service, which provides network access to other computers over the FTP protocol; it can start automatically when the computer boots. Once the service is running, no window or icon is shown. It runs in the background of the Windows system and can be seen only in Task Manager.
The second part is the "FileZilla Server Interface", the management interface used to administer the FTP server and to add or remove FTP accounts. Once FileZilla Server's service, configuration and accounts have been set up, you do not need to open the management interface for FTP to operate normally (because the FTP service runs automatically after it is installed).
With these two parts in mind, the installation process below is easier to follow. A later step asks whether the FTP service should start automatically and whether the Server Interface should start automatically at startup; those questions refer to these two parts.
Step 4: Download the latest version of filezilla_server from http://filezilla-project.org/. Then double-click the installation file "filezilla_server-0_9_24.exe" to run the installer, and click the [I Agree] button to start the installation.
Next, the installer asks which components you want to install. Keep the default installation type, Standard, and click [Next] to continue.
In step 5, the installer asks which folder to install the FTP server program to. We strongly recommend installing it in a non-default path to increase security. Click [Next] to continue.
Step 2: This step asks whether the FTP server should start automatically when the computer starts. Select [Install as service, started with Windows (default)] and click [Next]. The FTP server is then installed as a system service, started automatically after each boot and run in the background. The management port is set to "14147" here. We strongly recommend changing this port, for example to port 38121. (Do not choose a port that conflicts with a common service, such as port 80.)
Step 2: Here we choose whether the "FileZilla Server Interface" management interface starts automatically with the system. If you often need to manage your FTP server, choose [Start if user logs on, apply only to current user]. Otherwise, select [Start manually] at the bottom and open the interface manually when necessary.
Step 2: After installation is complete, click [Close] to end the installation program.
Step 2: After the software is installed, a "Connect to Server" window appears when FileZilla Server is started. In the "Administrator password:" field, enter the password for the FileZilla service on this server, and enter the management port number (the number chosen during installation above). Select "Always connect to this server" and press [OK]. We recommend selecting "Always connect to this server", which means the management console manages the local FileZilla service every time it is started.
Note: It is very important to change the port and password. This is the key to FileZilla security. You must change the port and set the password! Complex passwords are recommended! Both can be changed in the management interface.
Step 2: When the FileZilla Server management interface appears, the current FTP server status is shown in the upper half of the window. The message "Logged on" or "Server online" indicates that the server has started successfully. The lightning icon in the toolbar switches the server online or offline at any time, manually enabling or disabling the FTP site.
Step 2: Set the global server parameters: click "Edit" and select "Settings".
General settings:
Listen on Port: the listening port, which is the connection port of the FTP server.
Max. Number of users: the maximum number of concurrent clients allowed.
Number of Threads: the number of processing threads, that is, the CPU priority. The higher the value, the higher the priority. The default value is generally enough.
Timeout settings: from top to bottom, connection timeout, transfer idle timeout, and login timeout. The unit is seconds.
Welcome message page: the welcome information displayed after a client logs on successfully. We recommend not using the software's default message, because no software can be guaranteed free of vulnerabilities. If the software name is exposed here and the FTP server software turns out to have a security vulnerability, someone with ulterior motives who knows the name of the server software may launch a targeted attack. We therefore recommend that the message contain no server information. We strongly recommend changing the default welcome message to "Welcom to Serv-u ftp Server", so that FileZilla presents itself as Serv-U in the welcome message to mislead attackers. Note: This step is very important!
Now, when we use telnet to connect to FTP port 21, we see the modified "false" greeting, so that the server security can be significantly improved.
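The telnet check can be scripted so that it is repeated after every configuration change. The following Python is an added example, not part of the original article: it reads the server greeting (including multi-line 220 replies) and reports lines that still expose a product name or a version-like string. The function names, the default name list and the greetings mentioned in the comments are assumptions made for illustration.

```python
import re
import socket

# A dotted number such as 0.9.24 usually means a version string is exposed.
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*\b")


def read_greeting(sock, limit=4096):
    """Read one FTP reply from sock and return its text lines without reply codes.

    A multi-line reply uses "220-" on every line except the last, which uses
    "220 " (code followed by a space), so reading stops at that line.
    """
    buf = b""
    while len(buf) < limit:
        chunk = sock.recv(512)
        if not chunk:
            break
        buf += chunk
        complete = buf.decode("latin-1").split("\r\n")[:-1]  # finished lines only
        for i, line in enumerate(complete):
            if re.match(r"\d{3} ", line):
                return [re.sub(r"^\d{3}[ -]", "", text) for text in complete[: i + 1]]
    raise ValueError("no complete FTP greeting received")


def banner_findings(lines, product_names=("filezilla",)):
    """Return one finding per greeting line that discloses server details."""
    findings = []
    for line in lines:
        lowered = line.lower()
        for name in product_names:
            if name in lowered:
                findings.append("product name %r in: %s" % (name, line))
        if VERSION_RE.search(line):
            findings.append("version-like string in: %s" % line)
    return findings


def check_server(host, port=21, timeout=5.0):
    """Connect to your own FTP server and return the findings for its greeting."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return banner_findings(read_greeting(sock))


if __name__ == "__main__":
    # Host and port are placeholders: use the listen port configured above.
    for finding in check_server("127.0.0.1", 21):
        print(finding)
```

An empty result from check_server means the greeting no longer names the real server software or its version.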
IP bindings page: binds the server to specific IP addresses; use * to bind the server to all addresses.
IP Filter page: sets the IP filter rules. Addresses in the upper box are prohibited from connecting to the FTP server; addresses in the lower box are allowed. An entry can be a single IP address or an IP address range. You can use wildcards, IP/subnet syntax, or regular expressions (ending with "/") to filter host names.
Step 1: Passive mode settings: pay particular attention to this page.
If the server itself has a public IP address, you can keep the software's default option, "Default".
If the server is on a LAN behind a gateway, select the second item, "Use the following IP", and enter the public IP address in the box below it. Otherwise, clients may be unable to connect to the FTP server in PASV (passive) mode. When a client connects in PASV mode, the server must tell the client which IP address to connect to; because the server is on the internal network, the address it detects is an intranet address (for example, 192.168.0.5). That address is handed to the client, and the client cannot connect to it. Once the IP address is specified, the server gives the client the valid public IP address and a normal connection can be established.
If the server has a dynamic IP address, select "Retrieve external IP address from" below it; the server then uses the IP address lookup page provided on the official FileZilla website to obtain its current public IP address and gives that address to the client. A server with a static IP address can use this option too, but it is not necessary.
This settings page is very important for a server on an intranet. Some FTP servers have no such option, and clients can then connect only in active (PORT) mode. Some client software does have a special setting for this problem: in FlashFXP's site settings, for example, you only need to select "passive mode using site IP address".
For a server on a LAN that is not in the DMZ, we strongly recommend selecting "Use custom port range" below to define the PASV port range. In PASV mode, the server opens a random port and tells the client the port number so that the client can connect to it. Because the server is behind the gateway, if the gateway has no corresponding port mapping, a client on the Internet cannot reach the port the server opened, and the PASV connection fails. Restrict the range of ports the server opens, then configure port mapping (virtual server) for that range on the gateway that connects to the Internet. The server and the Internet gateway device must be configured together for Internet clients to connect in PASV mode.
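To see the problem described above from the client side, the following added example (not from the original article) parses the server's reply to the PASV command and reports when it advertises an intranet address or a port outside the range mapped on the gateway. The sample replies, the 50000-50100 port range and the address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import re

# Intranet (RFC 1918) and loopback ranges: an Internet client cannot reach these.
UNREACHABLE = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SIX_NUMBERS = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    match = SIX_NUMBERS.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(group) for group in match.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in: %r" % reply)
    host = ipaddress.IPv4Address("%d.%d.%d.%d" % tuple(nums[:4]))
    # The data port is sent as two bytes: high byte first, then low byte.
    return host, nums[4] * 256 + nums[5]


def check_pasv(reply, public_ip, port_range):
    """List the reasons an Internet client would fail to open the data connection."""
    host, port = parse_pasv(reply)
    problems = []
    if any(host in net for net in UNREACHABLE):
        problems.append("server advertises intranet address %s; set the public "
                        "IP on the passive mode settings page" % host)
    elif host != ipaddress.IPv4Address(public_ip):
        problems.append("advertised address %s is not the expected %s"
                        % (host, public_ip))
    low, high = port_range
    if not low <= port <= high:
        problems.append("port %d is outside the range %d-%d mapped on the gateway"
                        % (port, low, high))
    return problems


# Constructed sample replies, as a client would receive them after sending PASV.
SAMPLES = [
    "227 Entering Passive Mode (192,168,0,5,195,80)",   # intranet IP leaked
    "227 Entering Passive Mode (203,0,113,10,195,80)",  # correct IP and port
    "227 Entering Passive Mode (203,0,113,10,4,210)",   # port not in the range
]

if __name__ == "__main__":
    for sample in SAMPLES:
        issues = check_pasv(sample, "203.0.113.10", (50000, 50100))
        print(sample, "->", issues or "OK")
```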
Step 2: Security settings: the two options here determine whether FXP can be used. By default, both "Block incoming server-to-server transfers" and "Block outgoing server-to-server transfers" are selected: the former blocks server-to-server transfers coming in to this server, and the latter blocks server-to-server transfers going out from it. That is, FXP is not allowed by default. To use FXP, clear both options. Note that FXP transfers depend on the settings of this page and of the IP Filter.
NOTE: If enabled, the IP filter checks the remote IP address at the beginning of a transfer. If it does not match the remote IP address on the control channel, the transfer is canceled.
FXP is often used to transmit illegal pirated software. Bounce attacks can also be used to mount DoS attacks on servers: because a malicious user can direct multiple servers to transfer data to one server, the attack has a great impact on that server's bandwidth and availability.
With strict IP address filtering, the whole IP address is compared with the IP address on the control channel. However, this option may cause problems for proxy servers that use multiple IP addresses.
To avoid this problem, you can disable strict IP address filtering so that only the first three parts of the IP address are checked, but this reduces protection against FXP/bounce attacks. You therefore need to choose between security and compatibility. For the best result, block all FXP transfers and enable strict filtering only for incoming transfers.
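The trade-off between the two filtering modes can be made concrete with a small added example (not FileZilla's own code). It compares the control-channel address with the data-connection address the way the text describes: in full for strict mode, and by the first three parts otherwise. All addresses and case labels are constructed.

```python
import ipaddress


def data_peer_allowed(control_ip, data_ip, strict=True):
    """Decide whether a data connection may belong to a control connection.

    strict=True  : the whole address must match the control-channel peer.
    strict=False : only the first three parts (octets) must match.
    """
    control = ipaddress.IPv4Address(control_ip)
    data = ipaddress.IPv4Address(data_ip)
    if strict:
        return control == data
    return control.packed[:3] == data.packed[:3]


# Constructed cases: (description, control-channel peer, data-connection peer)
CASES = [
    ("same host", "198.51.100.20", "198.51.100.20"),
    ("proxy with several addresses", "198.51.100.20", "198.51.100.21"),
    ("other host in the same /24", "198.51.100.20", "198.51.100.200"),
    ("unrelated third host", "198.51.100.20", "203.0.113.9"),
]


def compare_modes(cases=CASES):
    """Return (description, allowed_strict, allowed_relaxed) for each case."""
    return [
        (label,
         data_peer_allowed(control, data, strict=True),
         data_peer_allowed(control, data, strict=False))
        for label, control, data in cases
    ]


if __name__ == "__main__":
    for label, strict_ok, relaxed_ok in compare_modes():
        print("%-30s strict=%-5s relaxed=%s" % (label, strict_ok, relaxed_ok))
```

The relaxed check cannot tell the multi-address proxy from any other host in the same /24, which is the loss of protection the text refers to.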
Step 2: Admin Interface settings: these are the parameters used to log on to the server configuration interface. The port number setting also appeared during installation. The two boxes below it define the network interfaces and IP addresses from which remote administration is allowed. In the first box, you can bind the management interface to an IP address, or use * to bind to all IP addresses; 127.0.0.1 is the default binding, always exists and cannot be removed. The second box sets the IP addresses allowed to connect to the management interface; wildcards can be used (for example: 123.234.12?.*), and 127.0.0.1 is always allowed to connect. Change the administrator password at the bottom.
Note: It is very important to change the port and password. This is the key to FileZilla security. You must change the port and set the password! Complex passwords are recommended!
Step 2: Logging: set whether logging is enabled, and the log file size and file name.
Step 1: Speed limits: this is a global parameter, and by default there is no limit. Select "Constant speed limit of" and fill in a value to apply a limit. Download (outgoing) and upload (incoming) can be set separately. You can also define limits by time period with "Use speed limit rules". For example, when the server or its network connection is also used for purposes other than FTP and has to be scheduled by time, FTP transfers must not take all the network bandwidth and affect other network services; that can be set here.
Step 2: File transfer compression: MODE Z is an FTP mode that compresses data in real time. The sender compresses the data before putting it on the network link, and the receiver decompresses it in real time and restores the original file locally. This mode can greatly reduce network traffic and improve transfer efficiency (speed), although it has almost no effect on files that are already compressed. To use it, both the server and the client must support the MODE Z protocol.
Select "Enable MODE Z support" to enable MODE Z on the server; any client that supports MODE Z then benefits from the performance improvement. "Minimum allowed compression level" and "Maximum allowed compression level" set the minimum and maximum compression levels respectively. Enter the IP addresses for which MODE Z should not be enabled.
After completing these settings, click "OK" to save the settings and exit the global settings page of the server.
Step 2: Open "SSL/TLS Settings".
In the displayed dialog box, enter the country code, province, city, organization, and contact email address, and click "Generate certificate".
Select "Enable FTP over SSL/TLS support (FTPS)".
Step 2: Harden permissions. Find the FileZilla configuration file, which is in XML format, right-click it and select Properties.
Add the guest group and set its read and write permissions to Deny.
Click OK. A prompt warns that deny permissions take priority over allow permissions and asks whether you want to continue; click Yes.
Anonymous FTP Configuration:
First open the management console and click the fourth icon from the left to enter the system settings.
Open the FTP user management interface and click Add on the right to add a new user.
In the Add User dialog box, enter the name "anonymous", that is, anonymous FTP user.
Click "OK" to add the user. The user management page is displayed.
Click "Shared folders" on the left, then click "Add" to add a directory.
Open the Browse folder option and select the FTP directory to be set.
Click OK to add the user.
Now the FTP client is connected to the FileZilla Server, and the anonymous FTP configuration is complete.
Standard FTP User Configuration:
The procedure is: create a new account → set the password → select a folder → finish.
Step 2: Configure the user groups. Click the fifth button on the main interface or open the "Edit" - "Groups" menu.
Groups make it easier to classify and manage users: users with the same permissions belong to the same group, so you do not have to set permissions and other parameters again for each user, which simplifies configuration and management. Click "Add" on the right to create a new group.
After the group is created, click "Shared folders" to go to the directory permission settings page. Click "Add" in the middle area to add a directory. By default, the first directory added is the home directory that users in the group see after logging on; it is marked with a bold "H" in front of it. To the right of the directory list are the permission settings for the selected directory: file permissions at the top and directory permissions below. To change the home directory, select the directory you want in the list and click "Set as home dir".
After setting the home directory, click "Add" to add the remaining directories in turn. Note, however, that if you only add the other directories, nothing except the home directory and its subdirectories is visible once a client connects. The reason is a concept called the virtual path: the directory structure seen by the client. A user can have only one home directory, and any other directory that is not mapped to a virtual directory is not shown to the client. Directories other than the home directory therefore have to be mapped as virtual subdirectories of the home directory before the client can see them.
In this example, the home directory is D:\Downloads. Without a virtual path, a client that logs on sees only the content of the home directory; the E:\FTPRoot directory, which was also added, cannot be seen. To set a virtual path, right-click the "E:\FTPRoot" directory in the list and select "Edit aliases" in the pop-up menu, so that E:\FTPRoot is presented to the client as the FTPRoot directory under the home directory. In the pop-up window, enter "D:\Downloads\FTPRoot" and click "OK". Note the rule for the alias: the first part of the path must be the absolute path of the home directory. With this setting, the client sees an "FTPRoot" directory, which is actually the E:\FTPRoot directory.
"Speed Limits" and "IP Filter" in the group settings are configured in the same way as the speed limit and IP filter in the global settings; refer to the preceding content. The group settings apply only to users in this group, whereas the global settings apply to all users. Click "OK" to return to the main page.
Files → Read: files can be downloaded.
Files → Write: files can be uploaded.
Files → Delete: files can be deleted.
Files → Append: downloads the file to a local copy and enables editing. When the file is closed, it is uploaded to the server. (Problem: I don't know if I want to edit it on the server.)
Directories → Create: sub-folders can be added.
Directories → Delete: sub-folders can be deleted.
Directories → List: lists the files in the folder.
Directories → + subdirs: lists the subfolders in the folder.
Note: The file and directory permissions set in FileZilla Server depend on the permissions that the SYSTEM account in the Windows operating system has on those files and directories.
Step 2: Set up the users. Click the fourth button on the main interface or open the "Edit" - "Users" menu.
Click "Add" on the right to create a user and enter the user name "test".
Select the check box in front of Password, and enter the password 123456.
Then select the group the user belongs to in the "Group membership" column, so that the user inherits all the attributes and permissions of the group and these parameters do not have to be set one by one. This is the convenience of groups: when there are many users, classifying them by group makes management easier and more efficient. You can also create a user that does not belong to any group, in which case you have to set that user's permissions individually. This approach is suitable for a small number of special users.
Return to the user management interface, click the shared folder settings, and click "Add" to add a directory.
After adding the directory, select the permissions of the user test on the right and click OK on the left to complete the configuration.
Now you can use the client to test logon.
Open the FTP client software, enter the test user name and password 123456, and log on to the server.
After successfully logging on, you can see the files under the FTP directory you just created and have the upload and download permissions.
Now, the basic settings of the FileZilla Server are complete and can be run.
The SFTP enabling settings are as follows:
Open the "Users" dialog box: add a user, enter a password, and select "Force SSL for user login" to force SSL. If this option is not selected, the client chooses whether to use SSL.
Add the FTP folder to "Shared folders" and set the corresponding permissions.
Use FileZilla Client to connect to the FTP server. It is the same as a normal connection. You only need to select Servertype, for example:
For users who are using FTP server software for the first time, this article can also serve as an introductory reference. The basic principles of installing and setting up all FTP server software are similar; after you have mastered one, you can apply the same approach to the others.
http://ce.sysu.edu.cn/hope2008/Education/ShowArticle.asp?ArticleID=13136