Server Setup

Basic Settings

CrushFTP has two locations for its preferences. The basic settings are located under the "Prefs" tab on the main screen while the advanced settings are under the file menu.

• You can turn logging to a file on and off. If you really don’t care what goes on in the server, you don’t have to keep permanent log files.

• Beep when users connect is useful if you want audio feedback when users connect to the server. This option is not available when running as a service, since that would break the rules of being a service.

• The speech enabled option is another form of audio feedback that can be used to read almost anything. By default it reads the username of each user as they connect.

• Hide splash screen will hide the initial loading splash screen if you want the server to run in a more invisible mode.

• Max users is the maximum number of users that can be connected to the server at one time.

• The port is the port that the main server is listening on. If you do not use port 21, do not expect your router/firewall, or other end users' routers/firewalls, to work properly with your server. If you have several virtual servers you will need to use the advanced prefs for editing the port.

• "FTP aware NAT router / firewall." is on by default and makes CrushFTP run in a compliant mode where the router / firewall does all the work for you. You don't need to map any ports other than ftp(21) to your machine, or change any other settings in CrushFTP. If you turn this checkbox off, then you will need to manually map a range of ports on your router, and set the PASV ports here. [This is also required if your FTP server is not running on the default port 21. NAT will automatically edit your TCP/IP streams when you run on port 21. If you run on another port, NAT will not edit them for you. That's OK since CrushFTP knows your real IP anyway, and you can tell it what ports you are going to use. Users who connect to you from behind their own NAT router or firewall will have to use passive (PASV) mode to connect, since their NAT system will not understand a port other than 21 for FTP.]

• The banned IP list is a listing of IPs that are currently banned. You may have other IP restrictions set, but the banned IP list is the list of ranges where the start and stop of the range are the same. You are allowed to add more here, edit existing ones, or remove one entirely.

• Windows users have the option to turn off the auto minimize to system tray if they don't want that function.

Advanced Settings

The advanced settings are the rest of the preferences for the server. All the basic settings should be available here (although they may look different), plus a whole lot more. The default settings should be all most users need, but you're allowed to change anything you need to. It's always a good policy not to change something when you're unsure of its purpose.

General_Settings

This tab is sort of a collection of settings that didn’t fit with any of the other tabs. The settings here are the general type settings most other FTP servers would have.

• Beep when users connect is a way to have audio feedback when a user connects to your server.

• Deny reserved ports will not allow any PORT command from a user to specify a port that is below 1025.

• The log file setting enables logging of all server activity to the crush_ftp.log file.

• The roll log settings specify how often you want the log rolled over and a new one started. Logs are stored in the logs folder once they have been rolled. You can also specify a delete option to delete the log when it's rolled.

• Hide splash screen hides the initial splash screen. Useful if you're running CrushFTP in a more discreet mode.

• Redundant bandwidth switching is a feature that will force the next item in a remote servers more items list when this server is using more than 90% of its max speed and a user attempts to upload or download a file. This is only useful when you have set up a mirroring FTP system and have several locations to host files from. CrushFTP can then switch to the next in the list when this server is peaked. You can also set up a directory to be redundant, or load balanced. This is just a step beyond that, where those would either always switch, or never switch unless a server was down.

• Always doing transfers in BINARY just starts the FTP session in BINARY mode, or TYPE I mode. Some FTP clients forget to issue this command, and as a result files would be transferred in ASCII mode.

• Speech enabled indicates whether CrushFTP should read verbally the text between in server responses. Speech is only available to MacOS 8/9 users.

• There are three fields for MacOS X/ / users. You can specify the default owner, group, and default privs for files/folders to have when they are created. If a CrushFTP username matches an OS username that will be handled automatically. By default files/folders created are owned by root.

• Packet size is always being changed on the fly on a per user / per transfer basis. Every upload and download recalculates the fastest packet size.

• Max users is the maximum number of users allowed to be connected at a time. This however may be overridden by your license amount. The non registered shareware max is 5 users.

• Max server outgoing speed is the total download bandwidth users have to take from you. Setting it to 0 means no limit.

• Max server incoming speed is the total upload bandwidth users have to give to you. Setting it to 0 means no limit.

• Add how many years to MDTM is a fix for a bug where JAVA does not see the years properly on some files. You can use this to specify positive or negative years.

• Save report stats to disk is the timer that saves the reports to disk. You don’t want this to run too often, as it can take a while once a larger history has built up. It also saves the server preferences to disk at this time. Server preferences are saved in many other cases as well, like when you quit or click the OK button. Report stats are also saved when you quit CrushFTP.

• Tracking of downloaded files is the max number of files to keep in its history of downloads. Downloaded files aren’t tracked every time. If the file has already been tracked, a download count number is just incremented.

• Tracking of uploaded files contains more information than downloaded files. However, uploaded files are only tracked once per file since a file should only exist once.

• Tracking for logins is the number of IPs per user to track.

IP_Settings

These settings relate to IPs in some way. They have all been organized under this tab.

• Deny FXP will prevent a user from specifying a PORT command that has an IP other than their own IP address. FXP is a method of transferring files from one server to another without the data ever going through the client.

• Allow automatic JAVA reverse lookups is useful to people who have a slow or problematic DNS server. JAVA always tries to reverse lookup an IP address to get its host-name. This will prevent this situation from happening, but as a result all IPs logged will be 0.0.0.0.

• Hard coded IP allows you to specify the IP address of the server. This is useful if you don’t want to use the auto IP discovery feature that will look up your current IP from a web page it hits.

• Translate PORT commands will change PORT commands that specify "10.0.x.x" and "192.168.x.x" to be the real IP of the user that is connected. Since few FTP clients let you specify your IP, this will fix issues with FTP clients behind a router that does not do NAT. It will of course only be effective if that user happens to have all IPs on their router mapped through to their machine. It's a rare case where this is helpful. This will be removed in a future version since it's no longer useful.

• The PASV port range is not used if your router supports NAT, you're running on port 21, and you have selected the "FTP aware router/firewall" checkbox under the prefs tab of the main screen of CrushFTP. If you need to manually map the ports CrushFTP will use, then this is the range of ports that CrushFTP will use for PASV transfers. The format is start_port,end_port. A comma or dash is important! I usually recommend that users use "2000,2010" and map ports 2000-2010 to the machine running CrushFTP. If you are manually mapping ports, make sure you do true mappings and not the port triggering method some routers support.

• IP Restrictions and bans is a way to "hide" your FTP server, or just deny logins from some IPs. You could set up your server to only allow connections from certain IPs, and all attempts from other IPs would seem as if the server didn’t even exist. Ranges of IPs can be set up with a starting IP and a stopping IP. Wild card characters such as "*" are not allowed. The first character in the restriction denotes its type. "D" is a deny setting, "T" is a temporary deny that will be removed automatically once its timeout has been reached, and "A" is an allow setting.

• FTP Servers is a listing of the FTP servers being used. You can use this to specify multi-homed servers by specifying an IP to listen on. By default it uses the special word "lookup", which listens on all IP addresses for the machine. In general you will need multiple network cards in your machine to listen on multiple IPs. Each server in the list has its own separate users and groups associated with it. You can also specify different servers for different ports, and again they each have a different users and groups folder. A good example would be running a second server on port 990 that is using SSL (FTPS). You can also add HTTP support to your server by adding a server running on port 80. Say no to making it secure since that only applies to FTPS. When you make a server running on port 80, it uses the users and groups of the server running on port 21. You don't have to do anything special; this is handled automatically. Users then use http://your_ip/ to log in to the server. When they download a file, the links on the HTTP pages are FTP:// download links. The HTTP web page serving is only used to display directory listings and process uploads, since not all web browsers can do FTP upload.

• Reported Rendezvous Name is the name CrushFTP will be listed under in Rendezvous enabled clients or machines in your network.

• Connection delay for FTP seems like a pointless setting. What it does is wait "X" seconds for any incoming data. If it receives data, it decides the connection is an HTTP connection and tries to process it accordingly with the built in HTML FTP viewer in CrushFTP. If instead nothing is received in that amount of time, it continues as FTP. You may need to give it a second or two if you're on a slow connection and experience HTML issues.

• Deny localhost Admin is an option to disable the built in localhost administrator account. By default when CrushFTP is running as a service and you want to modify its settings, a built in administrator account is used to connect automatically. This account is only valid from the IP 127.0.0.1.
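The two PORT checks described on this page, "Deny reserved ports" (General_Settings) and "Deny FXP" (IP_Settings), sketched as an added example; this is not CrushFTP's code. The function names, reply texts and sample addresses are assumptions made for illustration.

```python
import ipaddress

RESERVED_PORT_LIMIT = 1025  # the page: ports below 1025 are refused


def parse_port_argument(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command."""
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("PORT needs six comma-separated numbers")
    try:
        nums = [int(p) for p in parts]
    except ValueError:
        raise ValueError("PORT fields must be decimal numbers") from None
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("PORT fields must be in the range 0-255")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte, then low byte
    return host, port


def check_port_command(arg, control_peer_ip, deny_reserved=True, deny_fxp=True):
    """Return (allowed, reply) for a PORT argument sent by control_peer_ip.

    control_peer_ip is the address the control connection really came from.
    Reply strings are illustrative, not the server's actual messages.
    """
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, f"501 {exc}"
    # Deny reserved ports: never open a data connection to a low port.
    if deny_reserved and port < RESERVED_PORT_LIMIT:
        return False, "500 PORT refused: reserved port"
    # Deny FXP: the data connection may only go back to the client itself.
    if deny_fxp and host != ipaddress.IPv4Address(control_peer_ip):
        return False, "500 PORT refused: address differs from client"
    return True, "200 PORT command successful"


if __name__ == "__main__":
    client = "203.0.113.7"  # constructed sample client address
    for sample in ("203,0,113,7,19,137",   # own address, port 5001
                   "203,0,113,7,0,22",     # own address, port 22
                   "198,51,100,9,19,137",  # a third-party address
                   "1,2,3"):               # malformed
        print(sample, "->", check_port_command(sample, client))
```

With both checks on, a client can only ask the server to connect back to the client's own address on a non-reserved port; turning off the FXP check is what permits server-to-server transfers.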

Restrictions

This is a collection of various server restrictions.

• Hammering connection settings allow a user to get banned if they repeatedly try to log in to your server and the login fails. The login could fail because of a bad password, or because the server is already full. To have the user added as a permanent ban, set the minutes to "0".

• Hammering command settings allows you to have a user banned who is repeatedly trying commands he does not have the privileges to do…such as deleting a file, or attempting to find hidden directories. To ban them permanently, set the minutes to "0".

• The day of the week setting lets you specify what days of the week you want the server open for business. Each individual user also has a similar setting.

• Download queuing lets you specify a queue size, and a max queue size. The queue size is the number of download spots available, and the max size is the max size the waiting queue can grow to be. When a user goes to download, they are added to the queue, and 150- messages tell them their current position every minute. Some FTP clients can't support this very well. It works, but they don't have log windows to let the user know why the download has not started.

• Upload queuing lets you specify a queue size, and a max queue size. The queue size is the number of upload spots available, and the max size is the max size the waiting queue can grow to be. When a user goes to upload, they are added to the queue, and 150- messages tell them their current position every minute. Some FTP clients can't support this very well. It works, but they don't have log windows to let the user know why the upload has not started.

• Filename filters is a global filtering method to prevent uploads, downloads, or renames of filenames that match certain patterns. By default ".lnk" files are not allowed because of security concerns.
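How the hammering ban and the "D"/"T"/"A" IP restriction list fit together, as an added example that is not CrushFTP's code. The class names, the failure threshold and window, the first-match-wins ordering and the default-allow rule are assumptions; the page only states the entry types, the start/stop ranges, the automatic removal of "T" entries and that "0" minutes means a permanent ban.

```python
import ipaddress
from collections import defaultdict, deque


def _ip(value):
    return int(ipaddress.IPv4Address(value))


class IpRestrictions:
    """Ordered list of D/T/A ranges. Assumed here: first match wins, and an
    address that matches no entry is allowed."""

    def __init__(self):
        self.entries = []  # each entry: (kind, start, stop, expires_at)

    def add(self, kind, start, stop, expires_at=None, front=False):
        if kind not in ("D", "T", "A"):
            raise ValueError("type must be D, T or A")
        if kind == "T" and expires_at is None:
            raise ValueError("a temporary deny needs an expiry time")
        if _ip(start) > _ip(stop):
            raise ValueError("start IP is above stop IP")
        entry = (kind, _ip(start), _ip(stop), expires_at)
        self.entries.insert(0 if front else len(self.entries), entry)

    def is_allowed(self, ip, now):
        # A "T" entry is removed once its timeout has been reached.
        self.entries = [e for e in self.entries
                        if not (e[0] == "T" and e[3] <= now)]
        addr = _ip(ip)
        for kind, start, stop, _expires in self.entries:
            if start <= addr <= stop:
                return kind == "A"
        return True


class HammerGuard:
    """Bans an IP after max_failures failed logins within window_seconds."""

    def __init__(self, restrictions, max_failures, window_seconds, ban_minutes):
        self.restrictions = restrictions
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.ban_minutes = ban_minutes
        self.failures = defaultdict(deque)  # ip -> times of recent failures

    def record_failed_login(self, ip, now):
        """Record one failed login; return True if it triggered a ban."""
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window_seconds:
            recent.popleft()  # forget failures outside the window
        if len(recent) < self.max_failures:
            return False
        del self.failures[ip]
        if self.ban_minutes == 0:  # "0" minutes means a permanent ban
            self.restrictions.add("D", ip, ip, front=True)
        else:
            self.restrictions.add("T", ip, ip, front=True,
                                  expires_at=now + self.ban_minutes * 60)
        return True
```

Times are plain seconds passed in by the caller, so the ban and expiry logic can be exercised without waiting on a real clock.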

Events

These are events that are triggered from entries in the log file. All the events are processed each and every time a line is written to the log, to test whether the log entry matches the event's trigger criteria.

• The username field must match exactly the username of the user you're watching for an action on. The directory field must match exactly the user’s directory the action happened on, not the local directory on your HD it maps to. You could set up a disconnect email event to email you all the uploads a user did when they disconnect. If using the Disconnected command, leave the directory blank since it's not applicable. Then use the %user_session_uploads% variable in the body to give you the list of their uploads. This is often useful for imaging/publishing companies. Make sure to first click the add button to add an event, then make sure to hit the apply button after entering the data in the fields. The %data% variable gives you the log line that caused this event to be activated; in this case it contains the file name, size, and date.

• The other event types use a search field to cause them to be activated. Wild cards are allowed in these cases. Something like "john*CWD*/files/uploads/*" would find all cases where john issued the CWD command and had the path "/files/uploads/" with the CWD command. The file tab can be used to move, copy, or delete files based on criteria like this. You could have a file copied to another location as soon as it is uploaded with a search line like "john*/uploads/*STOR". Then whenever user john uploads a file to a path that ends in uploads, you could have it copied to a location specified by the path field. The path field here is a local path on your machine like "/Mac HD/Documents/private uploads/". The directories must already exist. CrushFTP will not generate them. You cannot move a file across drives, only copy it.

Server_Variables

This is a listing of all the server variables there are. All the command responses, and other response settings, along with a few html pages are located here. I won’t go into detail about each variable. You are welcome to customize the server messages to a more appealing non-standard way, but keep in mind that some messages are word sensitive to some FTP clients. So changing them too much may cause problems with users when they try and navigate your server. This is also where you can put the tags to have things spoken verbally on the server when the message is written to the user. Like when a user goes to login, %user_name% in their message will cause their login name to be spoken every time they login to your server. Don’t forget to hit the apply button after making a change.

Logging_Options

This tab has all the settings for what commands you want logged to both the server windows log, and to the actual log file.

• The main difference between the default settings for logging to the Window, and logging to the File is that the file contains directory listings, and the window does not. You are welcome to customize the details that you want logged.

Caches

This is a listing of static caches. Static caches are directories that would normally take a lot of CPU time to load…but they never change. This saves a snapshot of what they looked like and keeps it here for the next request for that directory.

The instructions are included in this window. To cause a cache to be updated, open the "caches" folder in the same folder as CrushFTP and delete the cache from there. It will then be recreated the next time a user hits that directory.

Verify File Content

This area lets you specify file type and creator, similar to the Internet control panel. It’s more than that because it also lets you specify what the first few bytes of the file should be. That way a user can’t upload a file they are calling a .jpg that is actually an MP3.

• The "file extension must be in this list" option is a way to only allow upload of files that have an extension in the list. You could use this to prevent users from uploading any files other than .html, .gif, and .jpg files.

• The type/creator are the MacOS classic type/creators you want set on files of the specified types when they are uploaded. If you leave the "data starts with" fields blank, then the type/creator will just be set, and the file contents ignored. If however you do specify "data starts with" items, one of them must match how the file contents start or the file will be denied. This is useful to make sure people aren’t uploading garbage when they say they are uploading something else, or if you just want a strict web files server or MP3 server.
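The extension list and "data starts with" check described above, as an added example that is not CrushFTP's code. The rule table, function names and sample bytes are constructed for illustration; the JPEG and GIF signatures and the "ID3" tag that opens many MP3 files are the standard leading bytes for those formats.

```python
import io
import os

# Constructed sample rules: extension -> acceptable leading byte sequences.
# An empty list mirrors leaving the "data starts with" fields blank:
# the extension is accepted and the contents are not inspected.
RULES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".html": [],
}


def verify_upload(filename, head, rules=RULES, extension_must_be_listed=True):
    """Decide whether an upload is accepted.

    head is the first bytes of the uploaded data. Returns (accepted, reason).
    """
    ext = os.path.splitext(filename)[1].lower()  # ".JPG" and ".jpg" match
    if ext not in rules:
        if extension_must_be_listed:
            return False, "extension not in list"
        return True, "no rule for this extension"
    prefixes = rules[ext]
    if not prefixes:
        return True, "extension listed, contents not checked"
    if any(head.startswith(prefix) for prefix in prefixes):
        return True, "contents match the extension"
    return False, "contents do not start as the extension claims"


def verify_stream(filename, stream, rules=RULES):
    """Check an upload from a binary stream, reading only the bytes needed."""
    longest = max((len(p) for ps in rules.values() for p in ps), default=0)
    return verify_upload(filename, stream.read(longest), rules)


if __name__ == "__main__":
    # Constructed sample data: a JPEG header and an MP3 that opens with ID3.
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
    mp3 = b"ID3\x03\x00\x00\x00\x00\x0f\x76"
    print(verify_upload("photo.JPG", jpeg))
    print(verify_upload("holiday.jpg", mp3))   # an MP3 renamed to .jpg
    print(verify_upload("song.mp3", mp3))      # extension not in the list
    print(verify_stream("tiny.gif", io.BytesIO(b"GIF")))  # too short to match
```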

IRC

This is the tab for setting up all the IRC Bot’s settings.

• Auto start IRC bot lets you have the bot launched when CrushFTP is first launched. Otherwise you have to do so manually from the FTP Server menu.

• Specify the server, port, user, pass if needed, nickname, and real name. These are all needed before the Bot can sign onto an IRC channel. The IRC bot logs all events/channel talk/commands to a file called "crush_ftp_irc.log".

• The channels tab lets you set up what channels the bot will connect to and what it does on those channels. In this example the bot joins the #crushftp channel. It notifies the channel any time john uploads a file, and it broadcasts the other checked stats to the channel every 10 minutes. The stats the bot sends to the channel are from the reports that CrushFTP keeps. Make sure to first click the add button to add a channel (include the # sign), and then make your changes followed by pressing the save button.

• Here a listing of commands can be built that the Bot will listen to and do various things. The example here is the authenticate command. The user issues the !auth "" "" to the bot, and it authenticates them based on the FTP users in the "lookup" server. If you have multiple servers, they have to issue the as well. By putting the %auth% variable in its line, CrushFTP knows that the data in this command should contain a user/pass and optional server items. If successful, the user will then be able to do commands that are privilege restricted, such as getting a list of users on the server, or kicking a user. Plus they will be able to issue !search commands for finding files on the server (use %search% as a tag to indicate the command is a search command). All the commands here can be done publicly to the channel, or privately. Either way, CrushFTP responds back with /notice responses.

Secure SSL

This is the tab for setting up the SSL certificate for the server. It has a helpful command maker to allow you to generate a temporary non signed key so that you can use SSL. You could always pay for a certificate from Verisign as well. To use a (FTPS) SSL server you will want to create a new FTP server item on the IP_Settings tab running on port 990. Click "Yes" to making it secure. Now when you go to the user manager, you will be prompted to choose the server item you want to manage users for.

Special Features (These are features that just didn't really fall under any other category.)

Zipping on the Fly

CrushFTP can automatically zip files or folders on the fly if the user requests the file in such a method. Say for example there is a folder named "WordDocs". Here is a sample directory tree:

parent directory is "/user1files/"
    WordDocs -- directory / folder
    notes.txt -- file
    iTunes -- Application (stored as a directory / folder in OS X. Its real name would be listed as "iTunes.app".)

ftp://192.168.1.100/user1files/WordDocs.zip

That example URL would download the entire WordDocs folder as a single zip file. You then expand the zip file to get back to the contents it had. The same would be true if they wanted to download a whole application. Downloading the application iTunes from one computer to another would take quite a long time since it's actually a folder consisting of thousands of files. If you however used:

ftp://192.168.1.100/user1files/iTunes.app.zip

The entire application would be downloaded in just seconds. You then expand the .zip file to get back your original application.

Zipping on the fly does mean that naming a folder WordDocs.zip won't do anything at all. File and folder names stay exactly the same. When the user requests a file, CrushFTP first looks for the file (example: WordDocs.zip). When it doesn't find it, it looks to see if you have put ".zip" on the end of the name. If so, it zips it as you request it. It does not zip it onto your HD first before starting. CrushFTP does first get a list of all files and directories that will be involved, but the zipping happens as you download.

When downloading a file that is being zipped on the fly, it is not possible to resume the file transfer if it should fail. You also cannot get an accurate size estimate on the .zip file since it hasn't actually been zipped yet.

MacBinary Encoding on the Fly

CrushFTP can automatically encode files into MacBinary 2 format on the fly if the user requests the file in such a method. The method in which it works is the same as the above zipping on the fly, except for two things.

1. You can resume a file being encoded on the fly.
2. You can only encode files on the fly, not whole folders.

ftp://192.168.1.100/Netscape4.bin

Auto Kick Old Sessions During Login

Say you are connecting to a CrushFTP server that only allows you to have one user connected at a time. Suddenly, you get timed out, or disconnected. You try to connect but no matter what you do, it always says you've reached the max logins you're allowed. Since your old login is still connected and hasn't timed out, you are stuck. Well, there is a workaround. If you put a "!" in front of your name, it will disconnect any other sessions belonging to you that are still connected, and then try to authenticate you. So if my username was "testuser" I would put "!testuser" for my username, and any old sessions of testuser that were still connected would be kicked before it tried to log me in.