ftp.whtech - can't login as anonymous for last few months?

[firebottle]

Using WinSCP... anybody know what's going on?

[+Lee Stewart]

54 minutes ago, firebottle said:

Using WinSCP... anybody know what's going on?

 

Access is via HTTPS, not FTP: https://ftp.whtech.com/

 

...lee

[+OLD CS1]

3 hours ago, Lee Stewart said:

 

Access is via HTTPS, not FTP: https://ftp.whtech.com/

 

...lee

Why no ftp?

[RickyDean]

I keep getting this when trying to log in, figure things have been changed.

 

Status:    Resolving address of whtech.com
Status:    Connecting to 148.135.75.22:21...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Command:    USER anonymous
Response:    331 Password required for anonymous
Command:    PASS *********
Response:    530 Login incorrect.
Error:    Critical error: Could not connect to server
Status:    Disconnected from server
Status:    Resolving address of whtech.com
Status:    Connecting to 148.135.75.22:21...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Command:    USER anonymous
Response:    331 Password required for anonymous
Command:    PASS *****
Response:    530 Login incorrect.
Error:    Critical error: Could not connect to server

[+Lee Stewart]

52 minutes ago, OLD CS1 said:

Why no ftp?

 

I don’t really know, but I am guessing that anonymous FTP, without a password, has been disabled. Perhaps @arcadeshopper knows.

 

...lee

[+OLD CS1]

7 minutes ago, Lee Stewart said:

I don’t really know, but I am guessing that anonymous FTP, without a password, has been disabled. Perhaps @arcadeshopper knows.

::pounds fists on table::  I want answers, and I want them now!

 

I have actually had problems with ftp daemons of late.  proftpd seems to be the only good one still in development, and it supports TLS, which is nice.  My old anonymous ftp server on my nexus machine just stopped working for no reason, and I have not had time to muck with it.

[+mizapf]

Didn't they even remove the FTP client from Firefox? Just wanting the best for us. Or, in typical Forum-ese language, "you don't really want to use FTP".

 

As far as I know from Don back from a mail conversation in 2018, the provider removed the anonymous FTP support; you had to set a password for every user. The problem was that the anonymous user was then assigned a blank password, which is not the supposed way to handle anonymous FTP access, where the password should be a valid mail address.

[+OLD CS1]

9 hours ago, mizapf said:

Didn't they even remove the FTP client from Firefox? Just wanting the best for us. Or, in typical Forum-ese language, "you don't really want to use FTP".

Yes.  The ftp:// handler has been removed from all major browsers as being insecure -- technically, it is, but how difficult would it have been to graft on TLS support?  Buuuuuut, how many people still use it versus things like WebDAV and web interfaces?

 

IE still has it.  I used to use FireFTP for Firefox, but that was killed off with the change in add-on API.  Now, you have Filezilla, WinSCP, and a couple of others to use.

 

9 hours ago, mizapf said:

The problem was that the anonymous user was then assigned a blank password, which is not the supposed way to handle anonymous FTP access, where the password should be a valid mail address.

A blank password is technically fine, but the de-facto convention was to send an email address as password, and since those would necessarily vary the ftp server should accept any string as a password.

 

From RFC 1635:

Quote

Traditionally, this special anonymous user account accepts any string as a password, although it is common to use either the password "guest" or one's electronic mail (e-mail) address. Some archive sites now explicitly ask for the user's e-mail address and will not allow login with the "guest" password. Providing an e-mail address is a courtesy that allows archive site operators to get some idea of who is using their services.

Making "anonymous" an actual user account would break that convention, of course.

[+hloberg]

I'm having no problems logging in with FTP into WHTECH with latest Win10 Firefox.

also with CuteFTP I login as type HTTP website -FTP.WHTECH.COM user 'my email address', no password.  been downloading files with no problem.

[+arcadeshopper]

anonymous ftp has been off  for years.. too many script attacks

use http for that

[CLBrown]

So, if the WHTech FTP site no longer permits FTP access, only http...   how can I mirror, and update existing mirrors, of the site's contents?  FTP clients do this easily.  As far as I understand, using HTTP means I have to click on each individual link and individually save every file, and with no means of comparing old and new files until I've downloaded them.

 

Is there some tool I'm unfamiliar with which allows the same functionality an FTP client (FileZilla is what I typically use now, though I used to use WS/FTP Pro, for many years) and doesn't turn downloading en-masse into a weeks-long nightmare?

[+mizapf]

wget?

[CLBrown]

Wget seems to be a command-line-only program, and lacks the tools that an FTP client provides.

 

There's HTTRACK (see https://www.httrack.com/html/overview.html), of course, which is a website mirroring utility, but it takes everything, including the website infrastructure, and often won't take files you actually want.  A marginal option but nowhere nearly as useful as classical FTP, which just rebuilds the directory structure of the files stored in the FTP server, and can update only "changed" files or added ones. 

 

It's very frustrating to me, seeing capabilities taken away over time rather than added to.  But that's the state of today's computer world, hence my renewed interest in older computer tech, like the venerable TI. 

[+mizapf]

I once used wget for mirroring WHTech on my server. That was quite straight-forward, also because there are special options for mirroring. You can also describe include and exclude sets of files and directories, so if you dig a bit deeper in it, it should just do what you need.

[+OLD CS1]

1 hour ago, mizapf said:

I once used wget for mirroring WHTech on my server.

Ditto.  In fact, I used wget to mirror a lot of websites at the time.  It will reproduce the directory structure, the only limitation being that there must be a link to the deeper files.  Unlike ftp, it cannot simply enumerate directory structure.  (Insert Borimir meme.)

 

Nonetheless, it is a shame to see so much functionality removed from the Internet... officially.  Anyone can still run ftp services if they want, and anyone can still run a standard ftp client if they want.  Bearing in mind that there are nasty people out there who will happily intercept your session to send you bad stuff.  Security is not just about protecting credentials (useless for anonymous logins,) in this case it is about credentialing the source of the files you wish to use.  For that, a simple ProFTP installation (which I can still compile on Solaris 8 x86 -- you kids and your apt and yum) with SSL/TLS, used with a suitable client, would suffice.