Comments
-
When is the next Hot Fix for this version expected to be released?
-
The RSA key was only added to one site/domain where there are only a few user/clients and few of our IT to interface with. And, now re-reading your comments, and my observing that the legacy server level 2017 dsa key was still present and your ++thanks to test, that it's not removed (me wanting to shout loud enough for SW…
-
Re-selecting is sketchy, I'm not sure how I would know if it was there and which; the SW Tech had me browse to one of the Rhinosoft folders and I think they said, "Yes, it's not here" clarifying "removed" as deleted from this location; however IF I was years ago the creator of this I would not have placed in that folder,…
-
Well, the working aspect of a key based on ssh dsa is not the problem, that's a choice, the problem as I see it is that it will likely be "removed" was the word used by the SW Tech, which I equate to deleted, meaning likely a new key added as I think you're asking will create the same basic problem, but add the aspect that…
-
The update was minutes and occurred on a Friday at 22ish hour +8 so very unlikely... Plus there are a few issues... - any ssh dsa keys are automagically removed during the update - NETWORK SERVICE account with full rights, should be added to program and hosted folders So far, only noted impacted sites use JSCH and it's…
-
Please check the site tab, "IP Access" the client's IP, if there as Deny, then depending on your rules, to explicitly allow select IPs then you can Allow if you have this rule to list each IP for all clients, Or if not, then delete the IP on this tab. So, I found the IP, and deleted and waited for next client automation…
-
Day & Night difference dealing w/an SME for Serv-U... The tell was when the SW Tech couldn't find things = Ha
-
Found this... Here* Serv-U Server Details: The Serv-U Gateway (solarwinds.com) Apparently the system thinks (correctly in my case) that we need to renew the LIC, contact support if this isn't the case. *Here, To get to the above link, click the Properties button on the Gateway tab, then Help, then if you don't land on…
-
Where is it? Can you see it? The trick is to click at the top of the page, Forum. Then we can see the Search bar, well, it's actually an, "Ask a question..." [ Ask ] button almost the same as search
-
I load each flat text daily log file and use MSSQL* to parse & search; so for instance if seeking a particular IP or Vendor user ID, I do an inner query to find the ID, (nnnnnnn) value and then get any rows matching that ID, HOWEVER the ID repeats so another limiter is needed to ensure that only relevant rows are returned;…
-
Same message in Gateway tab; stopped & restarted service on Gateway and the message remains Where is a reference to this message?
-
This is the main landing page for the Update, however there are other download links available where you can see the incremental Hot Fixes that you may need to install sequentially... Serv-U File Server 15.3.2 Release Notes (solarwinds.com) My advice is to both prepare for a long hold time, but to get a SW Support ticket…
-
I should'a posted this for easier finding... well painful reading Anyway, there are logs attached to show how bots, with the most simple methods, even a human could do it, change the recency & frequency of attempts to fall w/in the One-F'n-Rule, there should be unlimited rules w/user responsible to adjust as needed but…
-
so, yes it has been thanks. But that's part of the problem, I'm a knuckle head, and what I say should be well, well below what a Company like SW is capable of developing to thwart hackers & bots
-
here, here..! But the items to block by are too limited, consider that what I've seen is hackers guessing at the User Name, they could get lucky. And also what appears to be a bot set to get caught/blocked but then use the default SW as key, and then work-around, And also a bug, if it was 4 tries in 6 minutes, the next…
-
Hope this is On Topic - the rule to block a "user" who tries 4 times in 30 seconds and block for 5 minutes may punish a "person" but not a BOT Changing the rule to, 4 times in 8 seconds and block forever will not likely block a person, "what person tries 4 times in 8 seconds?", but this seems harsh, and may block a BOT,…
-
Jeffry, you do see the logs show that an elapse of n seconds to trigger a block even when the n attempts are exceeded; this is a bug or poor design? And having this One rule as with any single rule means the system is vulnerable to an intelligent attack?
-
did we dodge an issue having applied the prior HF then the upgrade... (?=not a question)
-
One aspect is that it takes the entire Time to Block, meaning if the limit were 4 Times in 8 Seconds, then the Block will not occur after 5 times until/unless 8 seconds have elapsed. Instead the rule implies that exceeding 4, at the 5th attempt at [02] Sat 26Feb22 13:31:31 the block/Connection denied should have occurred,…
-
adding a few logs... 206.81.. as is 164.92... both added manually to | IP Access, set as Deny, However, 140.238 was added by noted rule (which is as intended)
[02] Sat 26Feb22 12:41:12 - Connection denied from IP address 206.81.25.95 (local address ***.***.**.***, port 22)
[02] Sat 26Feb22 12:41:58 - (001169) Connected to…
-
b) how to un-block an IP, find it in the list of Deny and remove (do not set to allow, simply remove)
-
calc2014, thanks for the re-post of the link originally provided; those details are understood the question is... *How do we know if we've been hacked unless a hacker tells me? In the article they didn't pay, which means there was an ask/notice from the hacker(s), so how would we know if we've been hacked ahead of time;…
-
If it were me, I'd use an FTP client application to encrypt, like pgp w/key as either "our" generic shared key or partner specific key. Using SQL as our preferred scripting, any will do; invoke the FTP client app to copy the file to the shipping folder as encrypted
-
Yes, thanks for noticing, that is a purposeful and a co-crux issue to clarify as the PRay (public/pray) domain will be responding to dynamic IP. All this until someone offers an mFA that works for automation as well as manual user mFTP actions
-
yeah, but who's count...?
-
No, me beggin to differ, it's not on y'all, it's based on if there have been enough instances passing 120 w/HF to abstractly communally satisfy... well unless you're not part of the community?
-
Are We Done Here? Have Enough Instances Passed the 120 hr Point with the HF to deem this resolved?
-
a) See you in 120 hrs b) I/local admin, followed the process stopping the service, then copy the 6-dll files to a bak_<date> folder, then over-write the existing dll using Win file manager/explorer So, no clue why you'd be able to remove but not over-write?
-
So far so good... showing Global Log is up since last Friday 4:30-ish when the HF was applied No Other Issues (screaming email saying mFTP isn't available...)
[01] Fri 17Sep21 16:37:44 - Serv-U File Server (64-bit) - Version 15.2 (15.2.4.1327) - (C) 2021 SolarWinds Worldwide, LLC. All rights reserved.
[01] Fri 17Sep21…
-
Well, (suggesting my prior posts are the answer) as well as some other helpful posts in this thread) 5 minutes past 120 hours, and all is right in the World...