Category Archives: Knowledge Base

Adding users from CSV file using PowerShell and SMSCLI

  By ,
Syncplify.me Server! version: 4.0.8+

Many of our users are asking how to add multiple user accounts to Syncplify.me Server! at once. Most of them already have a CSV (comma-separated value) text file with username and passwords of the user profiles to be added, so it would make a lot of sense for them to have a simple procedure to import such users from the existing CVS file. You can actually do that very easily by writing a tiny PowerShell script that internally calls our SMSCLI (Syncplify.me Server! Command-Line Interface), and this article shows one way to do so.

The first step is to make sure that we know what VFS these imported users will be using as their “home directory”. For the sake of this example (and to keep it as easy as possible) we will use a parametric VFS like the one shown in the image here below: Continue reading

High-Availability (HA) with Syncplify.me Server! v4

  By , ,
Syncplify.me Server! version: 4.0.17+

Version 4.x of Syncplify.me Server! introduced a remarkable amount of new features, and improved some of the existing ones greatly. The latter is the case of high availability deployments, which have been rendered much easier and a lot more powerful.

This article explains one way (not the only possible one) to install and deploy a highly available multi-node Syncplify.me Server! in your network.

First of all, let’s prepare 3 virtual machines:

  • 1 VM for the DB and HTTP/REST server
  • 2 VMs for the SFTP server nodes

Continue reading

Monitor a directory, and upload/archive files as they arrive

  By , ,
Syncplify.me FTP Script! version: 3.1.6+

Monitoring a directory for certain files, and as soon as they become available (someone puts them in that directory) upload them somewhere else and then move the original files to a different location (archive) on the local disk. This is one of the most common questions from our FTP Script! users.

For such reason we have prepared the sample script below. It will probably fit the most common cases, and it’s a decent learning tool as well as starting point to create your own (more complex) scripts to accomplish your very own particular task.  Continue reading

Hiding certain files from a directory listing

  By , , ,
Syncplify.me Server! version: 4.0.24+

As of version 4.0.24, Syncplify.me Server! has introduced two new features:

  • the BeforeSendDirListToClient event handler
  • the RemoveFromDirList method in the scripting framework

These features can be used together to hide certain files from a directory listing. This is useful, for example, when you don’t want certain users to see certain file types when they connect to your SFTP server, but you still want to show such files to other users.

The first thing to do is creating a script. Let’s assume, for the sake of this example, that you want to hide some AutoCAD® files, and specifically all DWG and DXF files. Then you will need a script like this:

Once the script is ready, you will have to open the user profile you want to apply the rule to, and add an event handler to it, like this: Continue reading

Using the DiskAES256 encrypted VFS

  By ,
Syncplify.me Server! version: 4.0.0+

As of version 4.0, Syncplify.me Server! has introduced storage access via VFS (Virtual File System). This new storage virtualization layer allows an administrator to choose among different ways to access the underlying file system; one of them, that encrypts/decrypts data at-rest on the fly, is the DiskAES256 VFS.

When a VFS is of DiskAES256 type, all files uploaded to that VFS will be encrypted and then saved to disk. Similarly, when an SFTP client downloads them, the files will be read from disk and decrypted on-the-fly before they are sent to the client over the network (don’t worry SSH/SFTP network encryption still applies).

So, because of the way it works, as described here above, when you create a new VFS of type DiskAES256 you have to make sure it points to an empty path/directory (that has no files in it). Otherwise it would try to decrypt existing files that are not encrypted in the first place, and fail. Continue reading

Making Syncplify.me Server! work with SSHFS/WebEx

  By , ,
Syncplify.me Server! version: 4.0.19+

SSHFS is a FUSE-based filesystem client for the SSH File Transfer Protocol (SFTP); it’s very common among Linux users to mount SFTP targets as local directories. WebEx is a well-known teamwork collaboration tool by Cisco that uses SSHFS to back-up its data to a remote SFTP server.

Unfortunately, the coupling of SSHFS/WebEx – at the time this article is being written – has at least two problems that can cause serious issues to servers that implement the SFTP protocol and its extensions correctly. Continue reading

How to prevent uploads of EXE files

  By , , ,
Syncplify.me Server! version: 4.0.0+

Some SFTP servers feature a simple “extension exclusion list” so that administrators can specify certain file extensions that the server should not let users upload. But that’s a pretty weak defense, as a clever attacker could always upload an EXE with a fake extension and then rename it or otherwise find alternative ways to run it on the server, thus compromising its security.

Syncplify.me Server!’s scriptable nature, though, allows you to do a lot more than just disallow certain file extensions. Here’s a sample script that can be attached to the “AfterFileUpload” event handler, to identify EXE files that have been uploaded with fake extensions and delete them right away.

The above script is provided as a mere example to identify Windows EXE files. But it could be easily modified in order to identify other file types.

All Windows EXEs, in fact have stable distinguishing features in their binary code, and more precisely: the first 2 bytes (in hex) will always be 4D5A, and the 4 bytes at offset 256 (0x100) will always be 50450000. So if a file has those byte sequences in those exact locations, it’s safe to say it’s a Windows EXE.

Do you need to identify ZIP files instead? The first 4 bytes are always 04034B50.

And so on… many file types can be identified by specific “signatures” in their binary code, that one can easily read using Syncplify.me Server!’s powerful scripting capabilities.

The Journey from FTP to SFTP

  By , , ,

You can also download this white-paper for offline use by scrolling to the bottom of this article.

File transfer is an important aspect in computing. There is always a need for us to transfer files between a source and a destination. While in the earlier days, certain protocols were used to manage file transfers between the client and server, security was not much of a concern then. But, with the advancements in computing and rise of different kind of intrusions, security gradually became a pressing need. Yes, you guessed right. I am talking about FTP and SFTP. Let’s take a look at the journey from FTP to SFTP.

The standard network protocol File Transfer Protocol (FTP) is used to transfer files between a client system and a server. According to Wikipedia, the FTP ran on NCP specification until 1980. After that the protocol was replaced by a TCP/IP version named RFC 765 and consequently by RFC 959 in October 1985. RFC 959 is the current specification which FTP follows.

According to the latest specification, FTP should fulfill 4 major objectives namely: Continue reading

The new “compound increment percentage”

  By , ,
Syncplify.me Server! version: 4.0.16+

Syncplify.me Server! v4.0.16 introduced a new (yet very important) improvement to the Protector™ technology: the compound increment percentage.

Before this update, the Protector™ would put an attacker’s IP address in the blacklist for a predetermined amount of time, and remove it from the blacklist once said time had past. But attackers often try to connect to the server to attempt further attacks even when they are already blacklisted.

The updated Protector™, instead, features a significant difference: if an attacker tries to connect to the server while already blacklisted, the attacker’s IP address blacklist expiration will be prolonged by an amount of time that is calculated using the above “increment percentage” compound to the “number of identified attack attempts” while such IP was already blacklisted. Logn story short: if an attacker keeps attacking, its IP address may very well never get out of the blacklist even when the blacklist is set to ban attackers IPs only temporarily. Continue reading

Authenticating users against your own DataBase

  By , , ,
Syncplify.me Server! version: 4.0.16+

Note: in order to use the code posted in this article you need to be running at least version 4.0.16 or greater of Syncplify.me Server!

As you all know, Syncplify.me Server! already supports its own internal users, as well as Windows and Active Directory users (and groups, depending on the license type). Yet, some of our customers need to implement totally custom authentication methods, often based on their own user databases.

In this article we will show one way to do so. This is clearly just meant to serve as an example, and real-life scenarios require some further customization to the DB and the script posted here. But it’s a fairly decent starting point.

So, the background scenario for this example is:

  • our users’ authentication data are stored in a Microsoft(R) Access database
  • in our DB, each user is associated to a “category” (in this case his/her department: sales, marketing, …)
  • for the sake of this example, all users’ passwords are set to “password” (without quotes)
  • the script is pretty sophisticated, because besides authenticating the user, it will load a user profile that belongs to the “category” of the user from the main Syncplify.me Server! user-base

So let’s start taking a look at our user database: Continue reading