How to upgrade Syncplify.me Server! from V4 to V5

The video here below shows the recommended procedure to upgrade your Syncplify.me Server! from version 4.x to the new version 5.x.

It is recommended, before upgrading to v5.x, to make sure that you’re running the latest version 4, which is v4.2.5.

And the “magic URL” mentioned in the video, the one to backup your old v4.x configuration is:

 

Syncplify.me Server! v5: how to add a node/server to a high-availability (HA) set

This article embeds a video that shows how to add an additional node/server to an existing Syncplify.me Server! v5, turning it into a high-availability (HA) deployment.

This video only deals with the addition of the second node, we strongly recommend you to also check out this other article to learn how to deploy the first node.

How to install Syncplify.me Server! v5

This article embeds a video that shows how to install Syncplify.me Server! version 5.x either as a single standalone server or as the first node of a high availability deployment.

Now that you’ve set up your Syncplify.me Server! v5 as a standalone server, we suggest you check out this other article to learn how to add a second node and turn your SFTP server into a high-availability set.

ObjectName and VirtualObjectName deprecated in V5

Syncplify.me Server! version: 5.0.0+

Starting from version 5.0 of Syncplify.me Server! the ObjectName and VirtualObjectName variables (scripting engine and event-handling subsystem) will be deprecated.

They are still available, but they will be removed in future versions, so we do recommend to update all scripts that may be using such variables and make sure you use the new ones:

Session.ObjectName: substitutes ObjectName
Session.VirtualObjectName: substitutes VirtualObjectName

There are also two new similar values that will normally be empty, but may contain a string value only when responding to client commands like COPY, MOVE or RENAME. Such variables are:

Session.ObjectName2: contains the destination file name, relative to the local file system, for the object to be copied to, moved to, or renamed to (example: C:\SFTPData\NewFileName.txt)
Session.VirtualObjectName2: contains the destination file name, in POSIX-compliant format, for the object to be copied to, moved to, or renamed to (example: /SomeFolder/NewFileName.txt)

How to: SFTP authentication via one-time passwords (OTP)

Syncplify.me Server! version: 5.0.0+

Occasionally our customers ask if it’s possible to implement some form of one-time password (OTP) authentication for their SFTP users. Considering the complexity of the SSH authentication scheme, such task is definitely not trivial. To ease the process, Syncplify.me Server! V5 adds two new event-handlers and several functions to the scripting framework. This article explains how to use them to accomplish OTP authentication over SFTP. Continue reading

How to use VFS.ImportFile and VFS.ExportFile

Syncplify.me Server! version: 4.1.6+

As of version 4.1.6, Syncplify.me Server! added 2 new functions to the VFS object for you to use inside your event-handling scripts (requires the Ultimate edition of the software).

Say, for example, that you have an encrypted VFS, like a VFS of type DiskAES256 as shown in the picture here below: Continue reading

How to: use a CA-issued certificate (the long way)

Syncplify.me Server! version: 4.0.0+

If you already own an X.509 (SSL/TLS) digital certificate in PFX format, you know how simple it is to import it into your Syncplify.me Server! and use it.

But many of our customers asked for a tutorial on the longer procedure of requesting a digital certificate to a certification authority (CA) via a certificate signing request (CSR). So here’s the fully documented procedure for you.

First of all you have to generate the CSR, and to do that you will simply go to the Security->FTP(E/S) menu and select the option in the picture below from the certificate drop-down menu: Continue reading

Hiding certain files from a directory listing

Syncplify.me Server! version: 4.0.24+

As of version 4.0.24, Syncplify.me Server! has introduced two new features:

  • the BeforeSendDirListToClient event handler
  • the RemoveFromDirList method in the scripting framework

These features can be used together to hide certain files from a directory listing. This is useful, for example, when you don’t want certain users to see certain file types when they connect to your SFTP server, but you still want to show such files to other users.

The first thing to do is creating a script. Let’s assume, for the sake of this example, that you want to hide some AutoCAD® files, and specifically all DWG and DXF files. Then you will need a script like this:


Once the script is ready, you will have to open the user profile you want to apply the rule to, and add an event handler to it, like this: Continue reading

How to prevent uploads of EXE files

Syncplify.me Server! version: 4.0.0+

Some SFTP servers feature a simple “extension exclusion list” so that administrators can specify certain file extensions that the server should not let users upload. But that’s a pretty weak defense, as a clever attacker could always upload an EXE with a fake extension and then rename it or otherwise find alternative ways to run it on the server, thus compromising its security.

Syncplify.me Server!’s scriptable nature, though, allows you to do a lot more than just disallow certain file extensions. Here’s a sample script that can be attached to the “AfterFileUpload” event handler, to identify EXE files that have been uploaded with fake extensions and delete them right away.

The above script is provided as a mere example to identify Windows EXE files. But it could be easily modified in order to identify other file types.

All Windows EXEs, in fact have stable distinguishing features in their binary code, and more precisely: the first 2 bytes (in hex) will always be 4D5A, and the 4 bytes at offset 256 (0x100) will always be 50450000. So if a file has those byte sequences in those exact locations, it’s safe to say it’s a Windows EXE.

Do you need to identify ZIP files instead? The first 4 bytes are always 04034B50.

And so on… many file types can be identified by specific “signatures” in their binary code, that one can easily read using Syncplify.me Server!’s powerful scripting capabilities.

Authenticating users against your own DataBase

Syncplify.me Server! version: 4.0.16+

Note: in order to use the code posted in this article you need to be running at least version 4.0.16 or greater of Syncplify.me Server!

As you all know, Syncplify.me Server! already supports its own internal users, as well as Windows and Active Directory users (and groups, depending on the license type). Yet, some of our customers need to implement totally custom authentication methods, often based on their own user databases.

In this article we will show one way to do so. This is clearly just meant to serve as an example, and real-life scenarios require some further customization to the DB and the script posted here. But it’s a fairly decent starting point.

So, the background scenario for this example is:

  • our users’ authentication data are stored in a Microsoft(R) Access database
  • in our DB, each user is associated to a “category” (in this case his/her department: sales, marketing, …)
  • for the sake of this example, all users’ passwords are set to “password” (without quotes)
  • the script is pretty sophisticated, because besides authenticating the user, it will load a user profile that belongs to the “category” of the user from the main Syncplify.me Server! user-base

So let’s start taking a look at our user database: Continue reading