Syncplify.me Server!: the path from v3 to v4 (teaser)

After less than a month from the release of v3, our team is already at work on v4.

While v3 has been our “back-end release” (the version that introduced a whole lot of new functional features, from speed limits to new scripting capabilities, from multiple instances to actual impersonation, and more…), v4 will be our “front-end release” and will deliver a greatly improved interface for… well… everything.

And thanks to the whole new configuration API implemented as REST web service to be consumed over a secure HTTPS channel, the GUI will also be fully cross-platform. Ever dreamed to be able to configure your Syncplify.me Server! from your iPhone or Android device? V4 will make it possible!

SMSv4onPhone

The above is not a mock-up, it is an actual screenshot taken from one of our Android phones in the lab. More to come… soon!

New release: Syncplify.me Server! v3.1.0.40

We have just released Syncplify.me Server! v3.1.0.40. This new version fixes/adds the following:

  • Fixed a bug that prevented the correct encoding of dates and times in FTP file listings on operating system locales other than English
  • Fixed few glitches in the Configuration Manager
  • Added color-coding to both command-line components
  • Added custom SendToClient function to the scripting subsystem (only for FTP/S protocols)

As usual you can download the new version from our web site.

Syncplify.me Server!: No worries about POODLE SSLv3 bug.

By now, everyone has heard about the POODLE bug, that’s scaring every system administrator these days.

Unfortunately it is a design flaw in SSLv3, therefore the only thing you can do to go around it is to disable SSLv3 from all your servers (whatever they are, IIS, Apache, …, all SSL-capable servers).

Fortunately Syncplify.me Server! has – by design – a very easy way to do that. As shown in the picture below, just make sure the SSLv3 option is unchecked, and save your configuration. There you go, you’re safe now.

poodle

New release: Syncplify.me Server! v3.0.5.35

Another update for you, probably the last one for a little while. Syncplify.me Server! v3.0.5.35.

This new version can be considered a “minjor update” (minor update with a couple major additions) and it delivers the following:

  • added support for a greeting/disclaimer message upon successful SSH/SFTP connection (previously greeting messages were only supported over FTP/S)
  • added support for the “copy-file” SFTP command extension, which allows SFTP clients to request the server to make a copy of a file without actually transferring it back and forth (the client must support the “copy-file” extension as well, successfully tested with WinSCP 5.6.1)

As usual you can download the latest version from our web site.

Someone is up to something (SSH server hacking attempts)

As some of you may know, Syncplify’s goal wasn’t just to build a secure FTP and SFTP server with regards to data in motion; we made sure to design a server software that can protect itself (and therefore you) from many hacking attempts, like DoS, password harvesting, hammering, and many other types of attack.

In order to better understand what types of attack are out there in the wild, we have deployed several instances of our Syncplify.me Server! in many different networks (in the cloud, VPS, dedicated servers, …) and we use them as “honeypots” to keep the world SSH break-in attack situation under constant monitoring.

In the past few days we have noticed a significant increase of password harvesting/guessing/breaking attacks, as shown in the picture here below. Taking control of as many servers as possible by breaking into them via SSH is one of the preliminary actions that usually lead to some form of DDoS outbreak in the near future.

someoneupto

The situation shown here above is a clear indicator that someone is up to something. We would not be surprised if another major vendor/corporation/network is subject to a DDoS attack in the next few days. Please, everybody stay alert!

We’re also happy to report that, unlike some competitors’ software, Syncplify.me Server! is successfully identifying all attacks, and blacklisting all attackers. No Syncplify.me Server! has been broken into. Ever.

New release: Syncplify.me Server! v3.0.4.34

This new minor release adds a couple string-management functions to the scripting (event-handling) subsystem:

  • StrMD5: calculates the MD5 hash code of a string (supports both ANSI and Unicode)
  • StrSHA1: calculates the SHA1 hash code of a string (supports both ANSI and Unicode)

As usual you can download the latest version from our web site.

New release: Syncplify.me Server! v3.0.3.33 (minor fix)

We just released v3.0.3.33 of our Syncplify.me Server! software.

This version only fixes a small glitch with Windows/AD user management, where it wasn’t possible to apply multi-factor authentication to such profiles (the field in the Configuration Manager was erroneously disabled).

As usual, you can download the new version here. Thank you for your support!

True impersonation and [USER_HOME] directory

One of the main new features that come with Syncplify.me Server! v3.0 is true impersonation of Windows and Active Directory users.

Unlike previous versions, the new v3.0 actually impersonates the authenticated Windows or AD user and therefore accesses the underlying file system with such user’s privileges, limitations, and ACL. Syncplify.me Server!’s native file and directory permissions still apply, but they are applied only *after* the operating system rules, therefore they can further restrict the OS configuration, but not expand it (for safety reasons). Continue reading

How-to: configure Syncplify.me Server! HA instances

Note: this article refers to Syncplify.me Server! v3.x; As of Syncplify.me Server! v4.0 support for high-availability (HA) has become even better; you can read more about v4.0 HA features here.

One of the main new features in Syncplify.me Server! v3.0 is the ability to run in high availability (HA) configurations.

A highly available configuration is a deployment in which 2 or more servers share the same storage and configuration/user database. A network balancer is then used to decide whether to operate such servers in an active/active mode (where all nodes accept incoming client connections simultaneously) or in an active/passive mode (where some nodes accept client connections, and some other nodes kick in to substitute one of the active nodes that has stopped working).

This article explains how to configure Syncplify.me Server! (with HA licenses) in order to operate in a highly available configuration. Please, read on… Continue reading