Occasionally our customers ask if it’s possible to implement some form of one-time password (OTP) authentication for their SFTP users. Considering the complexity of the SSH authentication scheme, such a task is definitely not trivial. To ease the process, Syncplify.me Server! V5 adds two new event-handlers and several functions to the scripting framework. This article explains how to use them to accomplish OTP authentication over SFTP.
Occasionally we receive reports from users who have forgotten their SuperAdmin password, asking how to reset it. This can be done by utilizing the “Forgot Password” button in the HTTP/REST Configuration Wizard. At times, though, users get back to us saying that there’s no such button.
Normally when you don’t see the “Forgot Password” button it’s because the “Syncplify.me Web/REST Service” wasn’t started.
The most significant improvement introduced by Syncplify.me Server! v4.1 is the ability to use MongoDB’s authentication. As explained in a previous KB article, our deployment of MongoDB was secure even without authentication, but, keeping in mind all possible scenarios, our development team has worked hard to add direct support for MongoDB’s native authentication to our software. This article explains how to use the new MongoDB Authentication Utility (installed along with Syncplify.me Server! v4.1+) to enable/disable this feature as needed.
The procedures outlined in this article are suitable for all single-node Syncplify.me Server! deployments. High-Availability (HA) deployments will require a little more work.
According to the SANS ISC, nearly 80% of all SSH-based brute force attacks are caused by SSHPsycho or one of its variations. This seems to be confirmed by the LongTail honeypot real-time report provided by Marist College. So, yes, SSHPsycho is a big deal, and it’s a problem. And traditional blacklisting mechanisms (simply banning certain “well known” IP addresses and networks) have proved to be inefficient against it.
LongTail shows that Cisco and Level 3’s recent announcement about blocking sshPsycho’s 4 class C IP ranges (also known as “Group 93” and the “Hee Thai Campaign”) has done nothing to stop their brutal attacks. [Source: SANS ISC]
Syncplify.me Server!’s intelligent and automatic blacklist (called “Protector”), though, proves to be extremely effective at preventing this type of attack. Its real-time dynamic attack pattern identification and prevention technology can quickly recognize SSHPsycho attacks (and the like) and proactively stop them as soon as they begin. Even at its “Normal” sensitivity threshold, Protector already identifies and blocks all types of SSHPsycho attacks, in most cases before they even get to try the password authentication.
If you happen to forget the SuperAdmin (SA) password of your Syncplify.me Server! v4.0, you can reset it by following the procedure below:
First of all, you have to make sure that the Syncplify.me Server! Web/REST Service is in the “running” state. Once you’ve made sure of that, please run the HTTP/REST Configuration Wizard. There’s a link in the Start menu to run it.
Besides a totally new graphical Configuration Manager that will allow local and remote configuration (over any Internet connection) of your Syncplify.me Server!, the new v3.0 will also feature a greatly improved command-line interface (CLI) tool.
Being intended as an integration instrument, the CLI doesn’t have remote configuration capabilities, but it has some interesting features, including new “visualization” capabilities such as the ability to show the current contents of the blacklist (and alter it):
Once again thanks to our dev-team, our beta-testers, our investors, and all the people who are making this possible.
If you are using Syncplify.me Server! version 1.x or 2.x, the first time you run the Configuration Manager, after installing the software, it displays a little “hint” regarding the default username and password to use at your first access.
Password: [there is no password, just leave the field empty]
As soon as you perform your first access, you will be required (it’s mandatory) to set a password for the admin user. This requirement is necessary for obvious security reasons.
If, instead, you are using Syncplify.me Server! version 3.x (or greater), the admin username and password are the ones you chose and set upon creation of your server instance. So there is no default value anymore; you will have to log in using the username and password that you set when you created the particular instance you’re trying to access.