This repository has been archived by the owner on Nov 1, 2023. It is now read-only.
Releases: kolya5544/BearFTP
Ban DoS fix
v0.4.0 -> Active mode, local CMD handler, cool stuff
- Proper mitigation of slow loris base attack by implementing a configurable maximum number of threads allowed to be spawned (def. 50, a.k.a. somewhere about 20 clients or 10 bots) (CVE-2020-8815)
- Anonymous private version usage statistics implemented (toggleable)
- Active mode implemented
- Local command handler to edit config on-the-fly (see COMMANDS.md)
- Config option for disabling outputting to console
- Fix of Metasploit exploit not working properly due to temp. limitations
- Fix of incorrect date in LIST (was broken in some clients)
- Removal of file dumping function (will be re-added back after some code cleanup)
v0.3.1 -> Small fixes
- Fixed AllowAnonymous handling (oops)
- One more attempt to fix encoding break on some characters (only affects console)
- Fixed improper handling of incoming data on base socket (a.k.a base socket thread overuse fix)
v0.3.0 -> Big configuration update!
- Toggleable anonymous logins
- Per-IP logs (create "iplogs" folder for it to work properly)
- Max connections per second and max active connections are now changeable
- Buffer size can now be changed (def. 8192)
- Fixed lower-case command handling
- Final attempt to fix an encoding bug related to outputting control characters
- Changeable bantime
- Toggleable ban on big amount of errors (a.k.a some sort of service probe)
- Moved default config to Resources
Tested to work: Windows 10, Ubuntu 18.04
v0.2.1 -> Minor bug fixes. Ping fixes
- Bans fix
- Fixed clients requesting RETR and STOR right after PASV without actually connecting to it properly (a.k.a high ping PASV fix) (There are still troubles with big files (more than 1 MB))
- Minor fixes of improper command handling
- Increased block size for RETR from 2048 to 8192, potentially increasing the speed of download
- REST command handling (improper but still)
- Fix of CLNT command
v0.2.0 -> AntiSpam Beta update!
- Fixed "errors" handling, designed to prevent users spamming invalid FTP commands
- Fixed PWN not being logged due to its size
- Added "connections per second" and "total connections" antispam for default port
- Added "total connections" antispam for PASV port
- Fixed PASV mode handler not checking for default port connection, as well as fixed handling of non-active users (CVE-2020-8416 fix)
- Passive mode now autodisconnects AFK persons after 120 seconds of inactivity (Beware when sending big files!)
- Minor bugfixes
v0.1.0 -> Big files Beta update!
- Ability to RECV files more than 2 kbs in size
- Ability to add byte[] contents to files (a.k.a you can now send .exes over FTP)
- JSON format fixed
- Possible fix of unique characters breaking encoding of logs.
- Download speed limited to 40 kbit/sec.
v0.0.1 -> GitHub Beta!
We actually moved from hardcoded values to configurable stuff, and made BearFTP an open-source public project.