Syncplify.me Server! v4.1.6 released

We have just released version 4.1.6 of our Syncplify.me Server! software. This version features the following improvements:

  • Fixed: bug in the REST server that caused outbound connections to be attempted even when the server was working “offline”
  • Experimental: VFS.ImportFile and VFS.ExportFile functions to import and export files into/out-of the current VFS from inside event-handling scripts (with support for both plain and encrypted VFS types)

Warning: upgrading to this version from any version prior to 4.0.34 will invalidate your license, so please if you are a customer – before you upgrade – contact us to request a license reset.

Note: if after the update you notice any unexpected behavior in the web interface, just hit Ctrl-F5 in your browser; that will force the browser to reload the page as well as all back-end scripts and update the ones that may have been cached from previous versions of the software.

As usual you can download this new release from our website.

Configuring SSL/TLS security for the Web/REST Service

While SSL/TLS security configuration for the FTPS protocol is entirely self-contained, Syncplify.me Server!’s Web/REST service relies on Windows’ HTTP.SYS subsystem, which is the same subsystem IIS is based on, and therefore its security configuration has to be made at operating system level.

In order to ease the process we recommend Natarc’s IISCrypto, a free and powerful utility that helps achieving the task with just a few mouse clicks. Continue reading

HTTPS “connection not private/secure” – what it is?

Syncplify.me Server! version: 4.0.0+

After installing Syncplify.me Server! v4.0 you will be able to manage it securely via web interface over HTTPS.

Now, a very common choice is to use a self-signed certificate, because it saves money and if you know what you’re doing it doesn’t compromise security. This is, in fact, the most common choice among our users (according to our surveys).

But if you use a self-signed certificate, your browser will warn you that your connection may not be private or secure. That’s because self-signed certificates are often used for man-in-the-middle (MitM) attacks. But this is not the case, of course, if you can verify that this particular self-signed certificate was created by you and for you.

To get rid of this annoying message, you basically have 2 options:

  1. Spend some money to buy a trusted X.509 (SSL/TLS) certificate from a Certification Authority like DigiCert, Comodo, Thawte, and the like. It goes without saying that this is the recommended choice, as it takes advantage of the inherent trust chain provided by the Certification Authority.
  2. Verify and accept the self-signed certificate you have just created and add it to the trusted keychain of your browser. In this case you are advised to always verify the certificate’s fingerprint to make sure it’s really the one you created yourself, and that you’re not a victim of a Man-in-the-Middle (MitM) attack.

Continue reading

Can I run Syncplify.me Server!’s HTTP REST API on port 443?

Syncplify.me Server! version: 4.0.0+

During the installation process of Syncplify.me Server! v4.x (or greater) you will be asked the IP address and port to which the new HTTP REST API service should bind. While in most cases 0.0.0.0 (all interfaces) is a safe choice for the IP address, it is important to carefully choose a port.

In order to help you choose, we have prepared a very easy diagram. Just answer the questions on the diagram, and you’ll know which port (not) to use.

HTTPS Port Choice

This said, in order to limit automatic probes (bots), choosing a non-standard port is probably always the safest way to go.

Syncplify.me Server!: the path from v3 to v4 (teaser)

After less than a month from the release of v3, our team is already at work on v4.

While v3 has been our “back-end release” (the version that introduced a whole lot of new functional features, from speed limits to new scripting capabilities, from multiple instances to actual impersonation, and more…), v4 will be our “front-end release” and will deliver a greatly improved interface for… well… everything.

And thanks to the whole new configuration API implemented as REST web service to be consumed over a secure HTTPS channel, the GUI will also be fully cross-platform. Ever dreamed to be able to configure your Syncplify.me Server! from your iPhone or Android device? V4 will make it possible!

SMSv4onPhone

The above is not a mock-up, it is an actual screenshot taken from one of our Android phones in the lab. More to come… soon!