Pain the ass sales guy walks into my office uninvited. Looks at one of my screens which has sftp copying a lot of files and spewing out each one. He asks what that "nonsense" is.

I politely tell him that it is all his sales data and I am deleting it. At which point I got up and went to lunch with no further discussion.

The next phone call I received was from my boss asking me to stop fucking with the sales people. I hope he learned to knock after this.

During a company wide status meeting where all product managers, architects and directors assemble:

Me: *A product architect leading a team of devs*

Directors: So are there any issues or risks you see in delivering the next build in target time for Client 1?

Me: There are too many changes in feature requirements. First they said we can use a shared NFS for storage. Now they are asking to switch over to SFTP pull mode.. blah blah..

Directors: Oh I see.. well we can support both solutions then.

Me: But the deadlin..

Directors: *ignores what I say* Will be a good marketing point for future.

Me: But there are too many regressions in integra..

Directors: *ignores what I say* We should also meet deadlines. That is the most important thing.

Me: Its not as easy as 1+1=2.. The team needs more time to..

Directors: *ignores what I say* Ok lets move on to the next point. What about Client 2?

Me:

This happened quite sometime ago.

I received a client, reputable university in my country. After all the paper work was done, I was emailed access to one of their AWS server, FTP where the username and password were both admin. I didn't say much to them at that moment.. Maybe they had some precautions?

Over night I received another email, around 3am,

"Hi Uzair, we've monitored a breach while leaving FTP access open."

Well, that was sorta expected.
I received SFTP access to the server the following day,

username: admin,
password: @dmin

First lecture of computer networks. Let's shove all of these abbreviations with their meaning, and possibly a associated port number in one 1.5 hour lecture:

HTTP, HTTPS, FTP, FTPS, SFTP, TCP, IP, UDP, ISP, DSL, DNS, LAN, WLAN, WDM, P2P, TELNET, PGP, TLS, SSL, SSH, MIME, SMTP, POP3, IMAP, IANA, DHT, RTT, DHCP

I really feel sorry for students who didn't have previous knowledge about this stuff..

Fucking fuck you STRATO. This cancer of a german hosting provider just should be shutdown for crimes against reason. Our website got infected by some shit (I'd like to not state why, there is only so much pressure my main arterie can handle) and now we are supposed to remove that file. Well they blocked all incoming and outgoing traffic to the server so we cannot connect via sftp, the only choice you got with STRATO. And they wont restore network access for the server unless we remove the file. No logical loop to see here citizen, please move on.

Who says Windows is useless....

Running a python script to swap wifi networks, auto connect to VPN servers, run SSH commands and SFTP files to servers, downloading numerous files, sifting through outlook for emails, running excel macros for data cleansing, cell merging and formulas all at the click of a button 😱

Oh yea.. this is all 1 task that I never have to do again😂

Windows is useless for development you say? 🤔

Does anyone know a provider for webhosting with this needs?

- decently priced (~4€/month)
- domain included
- email stuff included
- no analytics/cookie stuff from the provider (that's the point of change)
- easy sftp access
- ssl included

Hey there!

So during my internship I learned a lot about Linux, Docker and servers and I recently switched from a shared hosting to my own VPS. On this VPS I currently have one nginx server running that serves a static ReactJs application. This is temponarily, I SFTP-ed the build files to the server and added a config file for ssl, ciphers and dhparams. I plan to change it later to a nextjs application with a ci/di pipeline etc. I also added a 'runuser' that owns the /srv/web directory in which the webserver files are located. Ssh has passwords disabled and my private keys have passphrases.

Now that I it's been running for a few days I noticed a lot of requests from botnets that tried to access phpmyadmin and adminpanels on my server which gave me quite a scare. Luckily my website does not have a backend and I would never expose phpmyadmin like that if I did have it.

Now my question is:
Do you guys know any good articles or have tips and tricks for securing my server and future projects? Are there any good practices that I should absolutely read and follow? (Like not exposing server details etc., php version, rate limiting). I really want to move forward with my quest for knowledge and feel like I should have a good basis when it comes to managing a server, especially with the current privacy laws in place.

Thanks in advance for enduring my rant and infodump 😅

Never mess with a motivated developer. I will make your life difficult in return.

Me: we need server logs and stats daily for analysis
DBA: to get those, you need to open a ticket
Me: can't you just give me SFTP access and permissions to query the stats from the DB?
DBA: No.

*OK.... 🤔🤔🤔*

*Writes an Excel Template file that I basically just need to copy and paste from to create a ticket*

This process should not take me more than 2mins 👍😁😋🙂😙😙😙😙😙😙😙😙

For them.... 😈😈😈😈😈😈😈😈😈😈😈

3 in 1
---

If your project needs more than three sentences to describe and the budget is not in the high four digits or preferably five, then you're clearly not fucking paying enough

---

Clients that just write a "?" after you wrote a very detailed tutorial, which even a fucking skunk could do, if given a fucking mouse and keyboard, are just the fucking laboratory perfection made retards

---

I just LOVE IT when my internet drops out for under a minute, so windows doesn't notify you yet and your sftp client trashes both local and remote files

Pushing changes to production via SFTP. Luckily I don't work at that company anymore.

Ah, my brain, MY FUCKING BRAIN!

Got some work from the previous company. Need to update some stuff on their website.

Fine, got the files from the server via sFTP.

Made the changes, before uploading the files, wanted to create the latest backup.

Downloaded the files again, just to realize that I forgot to cd into a different directory before re-downloading the files. All the changes are now overwritten.

Half an hour of work lost. DAMN IT!

Oh man, I fucked up...
I was doing after hours work for client, setup website with https.

Can't work over sftp with current user,so I give it the same user ID as apache, get files transferred and shit.
Go back to change uid, set wrong uid, now my user is ntp, I can't get into root, can't set password...
I fucked up

Tail between the legs, sent email to clients support, asking them to fix my user fuck up, waiting for reply

After all this time it's back to the basics mhm? Maybe yoloing PHP via SFTP to a single machine along with few thousand LLOCs of vanilla JS wasn't such a bad idea after all...

Make all fancy Azure blob storage with SFTP connection through firewall with dedicated public IP.

...to just find out that the webcameras you want to send stuff to the blob storage take in max 16 or 30 character passwords for sFTP. While the autogenerated passwords for SFTP in Azure are 32 characters long.

WHO THE HELL RESTRICTS PASSWORD LENGTH!? ASfjksdnfjksdjfnjksdakfadsnjkfjdsa

Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!

System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.

Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.

Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.

That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.

We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.

Hella excited about this!

If you guys have any suggestions let us know. We are utter noobs when it comes to this.

The coolest project I ever worked on wasn't programming per second, though it involved a bit of scripting. The company I worked for had an FTP over TLS backup solution and it was put together with glue and paperclips by a guy that hadn't the slightest idea what he was doing. In order to conform with the insurance, data had to be encrypted. I setup a raid-ed server with full disk encryption on the raid volume that fetched the key over the network at boot from another secure server. I wrote a series of scripts for provisioning users and so on. The backup connections was sftp using a ssh tunnel, the users were chrooted to their own home directories, and were unable to open shells. The system was 100x more robust and secure than the original. I set it up on short notice and received absolutely no recognition for saving the company's ass, but it was definitely a fun project.

Oh my damn god,
I just found the remote-server plugin for vsCode and holy fuck balls, it's the one thing I've wanted from vsCode since ever.

When you dev in VMs and are forever working with remote code using SFTP and git on a remote servers, it's a pain in the ass.
But this, god damn this solves all of that, and with connection specific plugins, I think I just came.

We use at our company one of the largest Python ORM and dont code ourselfs on it, event tough I can code. Its some special contract which our General Manager made, before we as Devs where in the Project and everything is provided from the external Company as Service. The Servers are in our own Datacenter, but we dont have access.

We have our Consultants (Project Manager) as payd hires and they got their own Devs.

Im in lead of Code Reviews and Interfaces. Also Im in the "Run" Team, which observes, debuggs and keeps the System alive as 3rd-Level (Application Managers).

What Im trying to achieve is going away from legacy .csv/sftp connections to RestAPI and on large Datasets GraphQL. Before I was on the Project, they build really crappy Interfaces.

Before I joined the Project in my Company, I was a Dev for a couple of Finance Applications and Webservices, where I also did coding on Business critical Applications with high demand Scaling.

So forth, I was moved by my Boss over to the Project because it wasn't doing so well and they needed our own Devs on it.

Alot of Issues/Mistakes I identified in the Software:
- Lots of Code Bugs
- Missing Process Logic
- No Lifecycle
- Very fast growing Database
- A lot of Bad Practices

Since my switch I fixed alot of bugs, was the man of the hour for fixing major Incidents and so on so forth. A lot of improvements have been made. Also the Team Spirit of 15+ People inside the Project became better, because they could consult me for solutions/problems.

But damn I hate our Consultants. We pay them and I need to sketch the concepts, they are to dumb for it. They dont understand Rest or APIs in general, I need to teach them alot about Best Practices and how to Code an API. Then they question everything and bring out a crooked flawed prototype back to me.

WE F* PAY THEM FOR BULLCRAP! THEY DONT EVEN WRITE DOCUMENTATION, THEY ARE SO LAZY!

I even had a Meeting with the main Consultant about Performance Problems and how we should approach it from a technical side and Process side. The Software is Core Business relevant and its running over 3 Years. He just argumented around the Problem and didnt provide solutions.

I confronted our General Manager a couple of times with this, but since 3 Years its going on and on.

Im happy with my Team and Boss, they have my back and I love my Job, but dealing with these Nutjobs of Consultants is draining my nerves/energy.

Im really am at my wits end how to deal with this anymore? Been pulling trough since 1 year. I wanna stay at my company because everything else besides the Nutjob Consultants is great.

I told my Boss about it a couple of times and she agrees with me, but the General Manager doesnt let go of these Consultants.

Even when they fuck up hard and crash production, they fucking Bill us... It's their fault :(

Long story short:

Just had several problems with using some drone ci plugins (hugo and sftp). Found issues regarding the problems on GitHub. Issues have been open for several years. Still open. Tried to participate or ask for the state. Got a "no one else got a problem with this". Recoded both plugins. Tested them. Using them now. Source is on GitHub. Posted them as alternatives on drone's discourse. Got flagged as spam.

Nice. Not using Drone again. Searching for an alternative now.

Little extra: I think they banned me from posting GitHub links on their discourse.

I don't know if my boss just wants me to learn how to use a new internal deployment process or just likes giving me unnecessary low-value work to take up time...

I could and have just copied the program via SFTP and unzip it to set it up....

(This is a testing and does not need to be in production...)

I have better things I could be doing and just want to get this done and closed but ...

I have this little problem,

there is no constant electricity In the country where I live, in fact for the past 4 days there was not a single blink.

I enable auto save on my vs code to save me from tears,

now I have a file server with backup batteries and since it's a laptop mobo that was converted to a server, hooking up the battery was a no brainer.

I just saved copies of my files on it and if I edited any of them I'll just overwrite the file. this was only possible if I did this before the power goes out or else I am stuck again.

I decided to try vs code extensions that will save me from all that copy and paste work.

tried ssh, unsupported architecture error, didn't care I just needed ftp or sftp

I tried the simple ftp/sftp extension. worked pretty well. allowed me to connect to the server and add the remote directory to my workspace and with autosave the changes are uploaded immediately which means once power is out I can continue on my mobile phone(I have some android text editors that support ftp).

little problem. I discovered some things just don't work. even if I opened the whole directory, the contents will not be loaded unless I open them up like stylesheets and images and whatnot.

imagine having to open every single damn file before it appears on the browser, very annoying.

I need a solution, I have really tried.

I am supposed to make a module that does sftp to third parties. Users put in their credentials and we connect and dump files on their servers. It seems like a terrible idea. We don’t administer those computers or define anything about their security. We don’t know if they are entering third party credentials or handling data according to our TOS. Can’t we just send them a presigned link by email on a schedule or something?

Fuck ssh. It does 4 things at once and i couldn't get it to do one. I have some pi's and want a shared directory on each of them. On a server i created a user for that and mounted its home directory on a pi, it worked. I did some lockdowns (no shell, only sftp allowed, login only via keyfile), but i was still able to mount it on boot.

Now i had to migrate this setup to another server. It took me a while copying all the configuration etc. All i got for that was a error-message. I figured out the users home-directory had to be owned be root, fixed that, got another error message. Somehow scp didn't use sftp but the login shell which is /usr/sbin/nologin. That made scp (and sshfs) fail, even though it perfectly works with the other server.

I gave up and removed all the setup. I'll find another distributed filesystem for that (but not samba or nfs, those are way to complicated). Those are the setbacks that depress me.

SFTP timeout errors.. nothing to find in the logs (if i look in the right logs that is) and my balls hurt. My evening cant get better lol

I've been programming for 15 years now or more if I count my years I programmed as a hobby. I'm mostly self learned. I'm working in an environment of a few developers and at least the same amount of other people (managers, sales, etc). We are creating Magento stores for middle sized businesses. The dev team is pretty good, I think.

But I'm struggling with management a lot. They are deciding on issues without asking us or even if I was asked about something and the answer was not what they expect, they ask the next developer below me. They do this all the way to Junior. A small example would be "lets create a testing site outside of deployment process on the server". Now if I do this, that site will never be updated and pose a security risk on the server for eternity because they would forget about it in a week. Adding it to our deployment process would take the same time and the testing site would benefit from security patches, quick deployment without logging in to the server, etc. Then the manager just disappears after hearing this from me. On slack, I get a question in 30 minutes from a remote developer about how to create an SSH user for a new site outside of deployment. I tell him the same. Then the junior gets called upstairs and ending up doing the job: no deployment, just plain SSH (SFTP) and manually creating the database. I end up doing it but He is "learning" how to do it.

An other example would be a day I was asked what is my opinion about Wordpress. We don't have any experience with Wordpress, I worked with Drupal before and when I look at a Wordpress codebase, I'm getting brain damage. They said Ok. The next day, comes the announcement that the boss decided to use Wordpress for our new agency website. For his own health and safety, I took the day off. At the end, the manager ended up hiring an indian developer who did a moderately fair job. No HiDPI sprites, no fancy SASS, just plain old CSS and a simple template. Lightyears worse than the site it was about to replace. But it did replace the old site, so now I have to look at it and identify myself part of the team. Best thing? We are now offering Wordpress development.

An other example is "lets do a quick order grid". This meant to be a table where the customer can enter SKU and quantity and they can theoretically order faster if they know the SKU already. It's a B2B solution. No one uses it. We have it for 2 sites now and in analytics, we have 5 page hits within 3 years on a site that's receiving 1000 users daily... Mostly our testing and the client looked at it. And no orders. I mean none, 0. I presented a well formatted study with screenshots from Analytics when I saw a proposal to a client to do this again. Guess what happened? Someone else from the team got the job to implement it. Happy client? No. They are questioning why no one is using it.

What would you do as a senior developer?

- Just serve notice and quit
- Try to talk to the boss (I don't see how it would work)
- Just don't give a shit

So i'm trying to upload a file to an SSH server using node. First I try the obvious putFile method provided by the obvious node-ssh package. On any other server this would work fine but this server doesn't have sftp installed so that doesn't work.

OK, so next I learn how scp works (it runs the command "scp -t" on the remote server, and sends to stdin a command like "C0666 1234 file.txt" and then sends the contents of the file) and I write some javascript code to do this. It's pretty finicky, the first few tries I forget to close the stream right or detect the program finishing. I add some logging and that helps me figure out what the problem is, and finally I get it to not output any errors.

So I log into the server and check and the file isn't there. I try again several times, file still isn't there. I try running scp -t manually on the server, typing in exactly what my program is sending, and it works. This goes on for a while until I realize that I've been sending a file to one server and logging into a different server to check if the file was sent. grrr

I finally have a server at DO. First time I had to set up a server on my own. Now I have an Ubuntu 14 running apache2, php5, memcached, beanstalkd, supervisor, sftp, vhost-manager, etc...

I really like the whol env and learning but I have to admit, I'd really like to see some GUI for all these things. At least for host management... And honestly I could use some advice on a proper web server setup.

I‘m currently trying to get an SFTP user for our school's webspace (preinstalled WordPress, don't hate it - it's "great" for non-"it" people) and our network administrator means that he can't create one for me because I would have access to all files on the server.
WTF, you can create SFTP users on Linux and restrict their access and even set a home directory.

Yeah, now we need to forget about themes and plugins in WordPress.

(He said that he also can't create an FTP user)

Just a quick question for ppl that deploy websites through FTP: how are y'all deploying your sites?

Which tools do you use?

SFTP Password: 'ElvisLives'
User: root

... let's go play around *eg*

What is the best approach for Continuous Integration / Continuous Delivery/Deployment? I'm using SVN as code repository and I need to identify the files that goes to Test/QA env. and the ones that goes do Prod env. (by Commit message or something else) via sFTP.
Any help would be appreciated. Already tested Jenkins, GoCD and Jetbrains Teamcity.

"the fight between tor and regimes that censor the internet is a fight of \"well that's not quite apache so it's tor\""

hear me out here:
then fucking don't be.

Switch it up a little, get creative! No one's gonna expect you to be relaying Tor through like a Minecraft chat or a fucking Doom server or over SFTP or Teamviewer or...

(of course it's not gonna be those protocols but they're already faking Firefox/Apache signatures so do that shit with other protocols)

Would it be possible to use (S)FTP protocol in conjunction with push technology rather than pull? Perhaps websockets since both use TCP?

Say, something like an external server periodically sending my server files and when a new file arrives, I will get a notification. This instead of constantly polling my directory to check if there are files in it.

I think I can see this done with an Angular page that gives me a notification when a new file arrives on my FTP.

I think it might turn into an interesting little hobby project..

What does everyone use to sync/upload/download files to servers? (For files not relevant/necessary to git)

I've used sftp drive, ssh, filezilla but the best solution for me so far has been using torrent syncing (I.e SyncThing). Any other good contenders/suggestions?

Any of you guys use jsch for sftp in Java? Do you know who invented it? Where they live? If they have dicks that can be punched?

Which extension do you recommend for VS Code, which has most of the features of SFTP package by Will Bond for Sublime Text?

If I use a connector to pull files from an SFTP server and when I configure it to pull all files from the root folder after it logs in but it actually pulls from the machine's root directory, is that really an SFTP server or just a server? Is that even secure?

So let's say you're theoretically hosting a website on Google's cloud platform with GoDaddy, but you have the code on your local PC. How would you go about updating it?

For now, I've just been SFTPing into the cloud server and updating it.

On Linux I want to scp a file from Machine B to my machine A.

Assuming B allows all connections is any key/cert file exchange needed?

I recall whenever I SSH to a new machine I need to accept a key on the first connect.

Guess general question is what is the connection process between 2 Linux machines for sftp purposes?

</rant>
I know this is not the place to be asking questions but does anyone know about a ftp/sftp client that syncs your bookmarked servers with some cloud solution (e.g. Dropbox, ...)?

This would be really nice to have for teams/people with multiple laptops.