Help me with a weird FTP bug.
December 11, 2007 2:22 PM   Subscribe

Weird bug with ftp / php5, details inside.

Okay. So a friend has this client and she is trying to use Transmit to access her website files. When she attempts to drag photos into the "Gallery" section of the site, it refuses to do so.

Then, some random folders get created that look something like "PORT XX,XXX,XX.. with the X's being numbers. After this happens, she loses priveleges, like deleting and renaming folders.

She's on a brand new MacBook pro running Leopard. My friend can't reproduce it on his MacBook, and I can't on mine. Any ideas?
posted by lazaruslong to Computers & Internet (10 answers total)
Best answer: You know, I've been getting some very weird behavior out of some of Transmit's latest builds, and a cursory glance at some of their customer input online indicates that a lot of people share the sentiment that the quality of work Panic is putting into Transmit is declining. So my first suggestion would be to try a different FTP client. I know that I'm still using 10.4 and have permissions problems I've never seen before in my life with Transmit, and it prevents me from editing certain files. I would assume Transmit on Leopard might have even bigger issues. Why you bring up php5, I dunno.
posted by phaedon at 2:49 PM on December 11, 2007

Response by poster: I bring up php5 because I don't really know what I'm talking about and was just relating all the info I had.

Thanks for the input on Transmit; my first thought was since I was using Fetch, my friend was using CyberDuck, and she was using Transmit, and we had no problems, that it was probably a software bug. And it's a brand new machine, so that seemed to rule malware out.

We'll try that and see what happens.
posted by lazaruslong at 3:02 PM on December 11, 2007

Well, I hear YummyFTP is great.
posted by phaedon at 3:15 PM on December 11, 2007

Best answer: It's clearly a bug in the software, somehow PORT commands that are how FTP negotiates setting up its sessions are being rerouted into the names of newly created folders instead of going across the network to the remote server. I'd ditch the program, whoever's writing it doesn't have any idea what they're doing. It's a mistake on the order of having the wiper fluid reservoir in your car having a second line into the gas tank.
posted by scalefree at 3:49 PM on December 11, 2007

Best answer: Wow, that's not good. I sure hope it's the FTP client. Can you turn on verbose logging on the FTP server to be sure? For instance with vsftpd you would use log_ftp_protocol=YES.

The PORT command is used in active FTP to let the server know how to contact the client. Active FTP is really an ancient relic and should be avoided where possible. Ideally the FTP client should be using passive FTP, it's usually just a check box.
posted by dereisbaer at 4:49 PM on December 11, 2007

Response by poster: Huh. Weird.

She replicated the problem in Filezilla and Cyberduck. Then she went to a different coffee shop with a different wifi service, and the problem disappeared.

No idea why that fixed it, but c'est la vie. Thanks for the tips, folks.
posted by lazaruslong at 6:40 PM on December 11, 2007

Best answer: If the problem is localized to that one coffeeshop, it's probably the firewall they're using that's mangling the connection to produce that weirdness rather than the client she's using. FTP is a seriously twisted protocol. It's the appendix of networking, a holdover from pre-TCP/IP days & makes you do things to accommodate it that no other protocol does, which makes it a little tricky to program. But still, you should never be seeing artifacts like PORT command info showing up in a folder name. That's just wrong.
posted by scalefree at 8:46 PM on December 11, 2007

Also worth reminding her that transmitting secure info (like FTP passwords) over an open wifi network is probably not a good idea.
posted by katieinshoes at 9:02 PM on December 11, 2007

I think scalefree is thinking along the correct lines, but I'm skeptical the problem is caused by a firewall or even network address translation (NAT). It's possible but not the most likely situation since those typically block or mangle at the addresses level and don't mess with the payload. Given what you know now, I'm thinking there is a transparent FTP proxy server somewhere at the coffee shop or the coffee shop's ISP that is mangling the payload of the packets.

Or, given the public location and that normal FTP is clear over the wire, there's also the possibility that somebody was performing some sort of man in the middle attack.
posted by dereisbaer at 4:16 AM on December 12, 2007

Response by poster: Thanks again smart folks.
posted by lazaruslong at 8:58 AM on December 12, 2007

« Older Where is this batman panel from?   |   My front door needs a "Mark as Junk" button Newer »
This thread is closed to new comments.