So, I've got two web design clients that share the same outsourced IT guy. He seems to always advise his clients to host their own web sites, so I end up dealing with him a lot. "Why?" you may ask? That's because he won't open FTP access. I have to email him the files I want to update, along with the locations of said files. Yeah, really. He says he's tired of people using trying to use FTP to gain access to the servers. Ummm, ok. Isn't that what a password is for? Here's why I'm posting in Server Administration. Can anyone give me an idea of what's going on in this guy's head? Let's take it as a given that he trusts me, cause we have mutual friends. So, then.....what? Is he paranoid? Does he not know how to secure a server? Something else?
Probably he doesn't know how to configure a ftp server and he has a main account to access the whole server. Imo that's why he doesn't want to share the user & pass with u.
Well, he's been doing this kind of work for at least 10 years, so I'm not sure that's it. Actually, I used to have access, but he said that he shut it down because he got tired of looking at the logs and seeing people trying to break in. I definitely didn't have universal access. How plausible is his reason though?
That's strange then, so he detected bruteforce attacks to ftp, but that's normal, he should install a bruteforce detector like bfd to avoid attacks to ftp (when an attack is detected ip is automatically banned), he's a bit paranoid ;P
Well sounds to me like he's a bit off. FTP isn't perfect but disabling it b/c of supposed attacks is bogus. More to the point it just sounds like he likes being a pain. Why don't you tell him to set it up so you can just call and have the FTP server turned on when you need access? Really makes me wonder how he's accessing the servers. I bet he didn't disable SSH cause everybody aims for that.
Are you on dialup or somthing where your IP changes constantly ? All he should have to do is tell the firewall it should only accept FTP connections from certain addresses, yours being one of them.
Good suggestions all. Shallowink, we did try your suggestion at one point, but I started running into problems with not being able to get ahold of him when I needed it. You know how it goes....client emails a "doitrightnowthisisanemergency" job, and then it takes a day and a half for me to get my access. It works, but it's not ideal. In response to Joebert, I'm supposedly on a dynamic IP, but my neighbor with the same access said his hasn't changed in a while. I might try that route and see if he's amenable. As to a bruteforce detector or SSH, this stuff is starting to get out of my league. I'm just a designer who thinks HTML is a programming language I did a brief search on both those items, and I'm not sure that I know enough to have a conversation with this guy about it. He may or may not be paranoid, but he's definitely somewhat vain, and how would it look if this designer comes along and starts harping on him about stuff she doesn't know anything about? I think if the IP filter route doesn't work out, I may try to work in one of those other suggestions. Thanks for the perspectives!
Well, I didn't know your gender but I would bet money (and lots of it if I had it ). That is behind some of his bs. Its just flat out amazing that every webhosting company on the planet can offer FTP access to complete strangers and ward off hack attempts but this guy can't secure a server? Joebert's solution is probably the safest route. If your ip does change, most cases it won't change for months on end. I have had cable and dsl connects that stayed static for over 6 months. If it does change it would only be a minor issue for him to alter the ruleset.
I just looked at my posting records on a forum I've been a member of for 4 years, and I've had the same IP address since early Nov of 2006. Over a year. I'm on a normal run-of-the-mill home cable connection in FL, USA.
Well, I just sent off an email asking him for the IP filter solution, so we'll see what happens. I wonder sometimes if there's some bit of laziness in it. This is the same guy who tells businesses to post email addresses on their web site in the info[at]domain[dot]com format in order to reduce their spam. That's some enterprise solution for you, eh? I'll post his reply when I get it if it's interesting.
to me more like he has a normal shared hosting and providing back hosting on his account. and he doesnt know or want to add new ftp for each person. ex: buying hostgaotr or some overselling plan and selling them off again.