[Discuss] The dangers of ASCII mode

Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt

Re: [Discuss] The dangers of ASCII mode

Post by Martin Truckenbrodt » Fri Sep 16, 2011 3:21 pm

Hello Steve,
the styles and languages thing can be placed and should be placed at the application root. If one of these files should be broken then you should always be able to replace it with a fresh or modified file from the phpBB3 core package and/or the MOD package(s).

The config.php can still be placed at the application root. There, just a second root variable/constant is needed. This value can be checked and asked (to overwrite a default value) by the install procedure, too.
E.g. (on-the-fly)
folders:
./phpBB3/ - phpBB3 application root
./phpBB3_data/ - phpBB3 data root
./index.php - a simple file which is just redirecting to ./phpBB3/index.php - If a webmaster has the forum added to this website using their own layout then this file is not needed. Then just an entry at the website navigation bar is needed.
CONFIG_TABLE:
data_root = ../phpBB3_data/

Hello Tabitha,
Robert got it:
If you are updating or modifying the board then you just have to upload the whole application root. This always is an upload.
Backing up the data root always means a download. Normally you should need this data only for restoring a board or for changing the provider or contract, meaning moving the board.

Hello Robert,
only professionals are reading manuals before they are trying and using a new software. ;)
Beginners and newbies are happy about their board. They are looking for the problem the first time after their avatars and images have been broken the first time. ;)
IMO the information has to be placed at the docs folder. Also it should be displayed at the initial setup procedure and the ACP backup page, too. IMO the last place is the phpbb.com KB or the phpbb.com support forum. The information should talk about all of the most popular FTP clients.
I got this problem several times. And I'm an IT professional. (But phpBB, or better my boards, are one of my hobbies.) My problem is that sometimes I'm too much stressed up by myself. :? ;) And then I'm forgetting to be careful. :arrow: Then I'm just uploading the whole content of the phpBB3 root folder replacing all files by date. ... :cry:

Bye Martin
Free tutorial: Installing MODs in phpBB 3.0
Advanced Block MOD - Prevent spam on your phpBB 3.0 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists!
My MODs
Use the official phpBB Ideas to vote missing core features!!!

Blazeflack
Registered User
Posts: 50
Joined: Sat May 16, 2009 2:00 pm

Re: [Discuss] The dangers of ASCII mode

Post by Blazeflack » Fri Sep 16, 2011 10:18 pm

Thanks for the info, I wasn't aware of this.
I use FileZilla myself and have now set it to use binary mode with extensionless files.

Thanks!

Son of a Beach
Registered User
Posts: 294
Joined: Fri Sep 07, 2007 1:36 am
Location: Tasmania

Re: [Discuss] The dangers of ASCII mode

Post by Son of a Beach » Thu Sep 22, 2011 5:56 am

I'm not really affected by this (I never use FTP), but is there any reason why phpBB could not use some generic filename extension that is meaningless to MIME, and will not be executed on the web server?

Such as:

4932_89fc1b436d506276e1dd63b33c78d4f0.phpbb_attachment

Lumpy Burgertushie
Registered User
Posts: 66332
Joined: Mon May 02, 2005 3:11 am

Re: [Discuss] The dangers of ASCII mode

Post by Lumpy Burgertushie » Thu Sep 22, 2011 3:06 pm

Son of a Beach wrote: I'm not really affected by this (I never use FTP), but is there any reason why phpBB could not use some generic filename extension that is meaningless to MIME, and will not be executed on the web server?

Such as:

4932_89fc1b436d506276e1dd63b33c78d4f0.phpbb_attachment
not having a file extension is not the problem. the problem is how files with no extension are transferred by the ftp program.

if you gave it some generic ext. that your ftp program did not recognize then you would still have to make sure that the ftp program knew that you wanted it to be transferred as binary and not ascii.

also, if you do not use ftp how do you transfer files to and from your server?

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae

Re: [Discuss] The dangers of ASCII mode

Post by callumacrae » Thu Sep 22, 2011 6:01 pm

Lumpy Burgertushie wrote: also, if you do not use ftp how do you transfer files to and from your server?
A lot of web developers (myself included) don't use, and discourage, the use of FTP, as it is pretty insecure. This is for the same reason as telnet - the server can only handle usernames and passwords in plain text, so it is vulnerable to man-in-the-middle attacks. HTTP, POP and IMAP are all guilty of this too, but a rooted server is far worse than a hacked account on a website or hacked email account (in the majority of cases).

A couple alternatives are FTPS (FTP over a secure connection) or a combination of SSH and SCP (aka SFTP, but nothing to do with FTP).

~Callum
macr.ae = my website. you probably won't like it.

Re: [Discuss] The dangers of ASCII mode

Post by Martin Truckenbrodt » Thu Sep 22, 2011 6:54 pm

Hello Blazeflack and callum,
you are right if you are talking about professional environments. I think for private and hobby environments it's okay to FTP if the data is not really critical.

Hello Son of a Beach,
I think your idea is a good idea. It is not related to the FTP client and the FTP client settings.

Bye Martin

Re: [Discuss] The dangers of ASCII mode

Post by callumacrae » Thu Sep 22, 2011 7:56 pm

Martin Truckenbrodt wrote: you are right if you are talking about professional environments. I think for private and hobby environments it's okay to FTP if the data is not really critical.
If a hacker gains FTP access, they could potentially execute a shell script that they have uploaded. Depends on how secure the server is, but it is entirely possible that if the hacker manages to gain access through FTP, they can then gain access to your server through a more powerful protocol such as SSH, through which they could use your server for spamming, part of a botnet etc. A server in a botnet is a server in a botnet - it doesn't matter what you're using the server for, you will get blacklisted, and your host will terminate your account.

Okay, using FTP doesn't automatically mean that your server will become part of a botnet, but it's worth bearing in mind that it is entirely possible.

Re: [Discuss] The dangers of ASCII mode

Post by Martin Truckenbrodt » Thu Sep 22, 2011 8:41 pm

Callum95 wrote:... Okay, using FTP doesn't automatically mean that your server will become part of a botnet, but it's worth bearing in mind that it is entirely possible.
Hello Callum,
that's what I mean! Okay, people should be informed about this risk. That's true.
Newbies and beginners are able to install a phpBB board very easily. You don't need any know-how about PHP, SQL, XHTML/CSS, security and so on. ...
The installation of openSSH+WinSCP is very much more difficult. I've done it some months ago without having any good Linux and SSH basics. I'm a network professional (Windows world), but for this job I needed several days, at least to find well running How-Tos with Google (It's the dark side of OpenSource ; ) and to configure true home shares for the customers. I'm very happy that it is running now. ;) ...

Bye Martin

Noxwizard
Support Team Leader
Posts: 10339
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster

Re: [Discuss] The dangers of ASCII mode

Post by Noxwizard » Thu Sep 22, 2011 9:26 pm

Noxwizard wrote: Please note that this discussion is not about why you should or should not use FTP or why client X is better than client Y.
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Do not contact me for private support, please share the question in our forums.

Re: [Discuss] The dangers of ASCII mode

Post by Martin Truckenbrodt » Fri Sep 23, 2011 1:21 pm

Hello Patrick,
the discussion is about the risks of wrong FTP client settings, or not?
I don't think that this discussion is off-topic really.

Bye Martin

Re: [Discuss] The dangers of ASCII mode

Post by Noxwizard » Fri Sep 23, 2011 4:38 pm

No, as the title indicates, the topic is about the problems caused by ASCII mode and the issues caused by FTP clients that send binary data in that mode.

AmigoJack
Registered User
Posts: 5588
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン

Re: [Discuss] The dangers of ASCII mode

Post by AmigoJack » Wed Sep 28, 2011 5:03 pm

IniCom Networks' FlashFXP by default transfers everything in binary mode, unless a file extension is defined in a list:
[Attachment: 20110928_fxp_fileext.PNG]
I've tested it with a file having CRLF that had no extension and it had the same size on the server, which operates on Unix. Also: I've never encountered such a problem - probably because I'm using this client for a pretty long time now...
The worst thing about censorship is ███████████
Affin wrote:
Tue Nov 20, 2018 9:51 am
The problem is probably not my English but you do not want to understand correctly.
...
We will not come anybody anyway, nevertheless, it's best to shit this.

Volksdevil
Registered User
Posts: 2414
Joined: Sun Oct 03, 2010 2:03 pm
Location: Lancashire, UK
Name: Neil

Re: [Discuss] The dangers of ASCII mode

Post by Volksdevil » Tue Dec 09, 2014 5:51 pm

Guys...I'm worried.

I only recently started using filezilla, I previously used to drag and drop from a folder on my PC, to another folder (On the server?)

Anyway, over the past couple of days I've backed up all of my websites, thousands of files, well over 25k but now I'm worried that they are corrupted :cry: Especially as I've gone and deleted my main/new 3.1.2 forum. I had never messed with any settings in filezilla so the box was 'checked' for treating files without extensions as asc11 or whatever it is.

I've just run a test backup (Downloading from filezilla) and I notice it does download certain things in this asc11 thing you speak of. Here's a quick snip, this is with the box now unchecked though:

Code:

150 Opening ASCII mode data connection for acp_prune_users.html (3147 bytes)
Response:	150 Opening ASCII mode data connection for acp_ranks.html (3525 bytes)
Response:	150 Opening ASCII mode data connection for acp_prune_forums.html (3178 bytes)
Response:	150 Opening ASCII mode data connection for acp_profile.html (10279 bytes)
Response:	226 Transfer complete
So just to confirm, is it ONLY files without extensions that could be corrupt? None of the html/css etc will be corrupt? If so, what are those files without extensions?

Edit: Oh man...Looks like something has gone wrong? :cry:
Just looking at viewonline.php on the server (16,621 filesize) versus viewonline.php that I've downloaded (17,125 filesize) What's happened? :cry:

I don't understand any of this, I mean why are php files etc listed to be transferred as asc11?
[Attachment: wtf.PNG]
Last edited by Volksdevil on Tue Dec 09, 2014 5:58 pm, edited 1 time in total.
My phpBB Extensions
Finally found great Website Hosting from Image KUALO!
Do NOT use 123-reg.co.uk - Incapable of running phpBB!
:ugeek: TekNeil - Streamer on Mixer | My Volkswagen Corrado G60

Re: [Discuss] The dangers of ASCII mode

Post by Martin Truckenbrodt » Tue Dec 09, 2014 5:55 pm

Hello volksdevil,
yes.

Yes.

Uploads done by users, e.g. avatars, files, ...

Your example doesn't matter. Don't worry! Just different size shown in different OS.

Bye Martin

Re: [Discuss] The dangers of ASCII mode

Post by Volksdevil » Tue Dec 09, 2014 6:00 pm

Hi Martin, thank you for attempting to put my mind at ease... :)

Just so I know that I understand. Do you mean that because my server is Linux, and my PC is using Windows that the file size differences are OK?
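
Added example, not part of any post in this thread: a simplified Python model of ASCII-mode line-ending translation between a Unix server and a Windows client. It shows why a text file only changes size (using a constructed 504-line sample with the 16,621 and 17,125 byte sizes quoted above) while a binary file such as a PNG avatar is altered and does not survive an ASCII-mode upload. The function names, the translation model and the binary heuristic are assumptions made for illustration.

```python
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"  # holds a CRLF and a bare LF by design

def ascii_download(server_bytes: bytes) -> bytes:
    """Simplified model (assumption): Unix server to Windows client, LF -> CRLF."""
    return server_bytes.replace(b"\n", b"\r\n")

def ascii_upload(local_bytes: bytes) -> bytes:
    """Simplified model (assumption): Windows client to Unix server, CRLF -> LF."""
    return local_bytes.replace(b"\r\n", b"\n")

def classify(server_bytes: bytes, local_bytes: bytes) -> str:
    """Compare the server copy of a file with the copy that was downloaded."""
    if server_bytes == local_bytes:
        return "identical"
    # Heuristic (assumption): a NUL byte or a PNG signature marks binary data.
    if b"\x00" in server_bytes or server_bytes.startswith(b"\x89PNG"):
        return "binary-altered"
    if ascii_upload(local_bytes) == ascii_upload(server_bytes):
        return "line-endings-only"
    return "content-differs"

def upload_roundtrip_survives(local_bytes: bytes) -> bool:
    """True if an ASCII-mode upload then an ASCII-mode download restores the file."""
    return ascii_download(ascii_upload(local_bytes)) == local_bytes

# Constructed text file: 504 LF-terminated lines, 16621 bytes in total.
TEXT_ON_SERVER = (b"x" * 32 + b"\n") * 503 + b"y" * 21 + b"\n"
# Constructed binary file: PNG signature followed by arbitrary bytes.
PNG_ON_SERVER = PNG_SIGNATURE + b"\x00\x00\x00\rIHDR" + bytes(range(32))

if __name__ == "__main__":
    text_local = ascii_download(TEXT_ON_SERVER)
    print(len(TEXT_ON_SERVER), len(text_local), classify(TEXT_ON_SERVER, text_local))
    png_local = ascii_download(PNG_ON_SERVER)
    print(len(PNG_ON_SERVER), len(png_local), classify(PNG_ON_SERVER, png_local))
    print("CRLF text survives upload+download:", upload_roundtrip_survives(text_local))
    print("PNG survives upload+download:", upload_roundtrip_survives(PNG_ON_SERVER))
```

For real backups, comparing a checksum of the server copy with a checksum of the downloaded copy is the reliable check for binary files; the size difference alone only explains text files.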
