rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: alexfmos on January 05, 2021, 09:50:40 AM

Title: HFS and security of server
Post by: alexfmos on January 05, 2021, 09:50:40 AM
Sorry if my question very stupid. I'm using HFS many years, for fast access to my files from everywhere. I created a user with privileges with strong password to access multiple private folders. And now the question - it's safe?  I'm read a topic about stunnel only today. It's very complicated for me, maybe later i will learn more about it. I understand - it's secure the traffic. But now i ask about this - nobody can access files on the computer? I mean in HFS file system i don't have very important files, but it's possible to use HFS as a hole, to access other files on computer, not in HFS file system, or other unwanted actions?

Title: Re: HFS and security of server
Post by: LeoNeeson on January 05, 2021, 10:05:14 AM
But now i ask about this - nobody can access files on the computer? I mean in HFS file system i don't have very important files, but it's possible to use HFS as a hole, to access other files on computer, not in HFS file system, or other unwanted actions?
Nobody can access other files on your computer, only the files you share on HFS. If you make "users" (inside HFS) to protect shared folders, your ISP (or someone on your LAN) can 'sniff' and read those "credentials", but nothing else. Using Stunnel protects the traffic of your shared files (and the login process of your users). If you share sensible files, it's better to encrypt your files first (using WinRAR (https://www.win-rar.com/encryption-faq.html) or even better using 7-Zip (https://www.northeastern.edu/securenu/sensitive-information-2/how-to-use-7-zip-to-encrypt-files-and-folders/)). And it's always recommended to stay updated with the latest HFS version.

Nice to see an old user active on the forum.
Feel free to ask any question... :)
Cheers,
Leo.-
Title: Re: HFS and security of server
Post by: alexfmos on January 05, 2021, 10:22:09 AM
 :D Gracias.
And one more stupid question. Today i see in the log - someone from USA (i'm in Russia) download folder.tar archive of my root folder. How this user found my server? Or it's just some bot, who click all links on all pages?
Title: Re: HFS and security of server
Post by: LeoNeeson on January 08, 2021, 07:56:34 AM
It could be a bot or someone just curious trying to download all your shared files. It's better if you disable that option (to save on bandwidth).

Like Rejetto once said, it's an option you can disable:

By default the root itself is set archivable.
Uncheck it.
right click on the main folder > properties > flags > archivable

The 'main folder' is the 'house' icon (root).
If you need more help to disable it, just say it.

Cheers,
Leo.-