rejetto forum

Messages - Mars

HFS ~ HTTP File Server / Re: HFS including SSl tools
« on: March 16, 2023, 10:31:21 PM »
No there will be no new version beyond the one already available in 2.x
a new project supporting https is already available in this topic

Bug reports / Re: False errors on upload
« on: January 26, 2023, 10:15:57 PM »
so it looks like this folder is visible in the VFS, since you changed the access properties there

try to go to the diff template tab and you can place a customization of the upload results there by adding this section

Code:
{.add to log|{.filename|%item-resource%.}=uploaded by {.if|{.length|%user%.}|%user%|Anonymous /if.}./add to log.}

HFS ~ HTTP File Server / Re: Rejetto HFS file server alternative?
« on: November 15, 2022, 03:44:12 PM »
Why shouldn't you wake a sleeping cat?
Cats who are deprived of these stages of sleep can become lethargic or irritable, it is therefore better to avoid waking them up as much as possible

and I must say that taking care of an awakened Fysack is not easy  ;D ;D ;D

Programmers corner / Re: Only one thing that wasn't released about HFS...
« on: October 25, 2022, 07:23:04 PM »
the procedure to reproduce in php seems to be the following

php receives a request from hfs in this format

Code:
{external_port}&host={external_ip|dns_name}&natted={no|yes}

this should generate a new request using a second channel  from php to hfs on the url of the form

Code:
if hfs is indeed accessible from the web with this url then it sends as response to php the text 'HFS OK'

from then on the php returns a text by the first channel with '1' as the correct functioning response, otherwise an empty string in the event of an error


technically it is possible to simulate this exchange using two hfs sessions and forcing a redirection from to a local ip in the windows 'hosts' file by adding this line

the server must appear as the php must be launched to listen to it on port 80 and active on 'Any Address'

in the root put  as diff template

launch another session of hfs listening on any port other than 80, then launch the "self test", the response obtained will be positively successful

you can also perform this experiment by replacing the localhost address with the local ip (

If we also use the 'self test' of the hfs of port 80 as a self test, the response will also be positive with , but no response with

HFS ~ HTTP File Server / Re: Why file system cleared?
« on: October 05, 2022, 07:06:04 AM »
the track seems unreliable, the system attributes are not sufficient to prevent a program other than hfs from accessing the VFS file.

I don't see any other solution as it stands than managing a copy of the vfs outside of hfs.

an important thing is to always activate "backup on save" in "Menu > Virtual File System" in order to keep a valid copy

HFS ~ HTTP File Server / Re: Why file system cleared?
« on: September 28, 2022, 07:19:57 PM »
for once it would have been necessary to note the date of creation of the empty vfs file, to determine if it was a new file created as part of a data backup or if there was loss of the complete file with recreation of a new but virgin,
this date could also have been compared with the log of windows application and system events and allowed to have an idea of the cause of this phenomenon.

To tell the truth, this seems to be a fairly exceptional phenomenon over time, if it were more often recurrent, we could consider an in-depth study to try to reproduce it. At this stage it is wiser to make backups at regular intervals

the subject remains open to follow-up in the event of a shorter recurrence

by HFS scripts it is certainly possible to test the size of the current vfs and in the event of an incident to restore the last backup without the administrator having to intervene too late while issuing an alert to this one in the form of an email or other means of communication available from the server

we can test the existence of a hidden virtual file in the vfs as a reference point, and if this one disappears this means that the vfs had a problem, hfs can then react accordingly

A forgotten event appeared while extending the legacy tests

we start from a real folder added to the VFS (we make sure that it does not inherit the upload itself), we assign it the upload rights by checking anyone,
we then add a new virtual folder as a child, we can confirm that the upload is not possible for this child.

To this virtual child if we also add a real folder: named UPLOAD HFS
it then appears a dialog box asking us whether or not we want to authorize the inheritance upload for this 'grandchild' for all, in this case anyone will be checked for this folder otherwise he will still benefit from the rights of upload successive parents.

After verification, it is implemented that any folder name containing the word upload brings up the question

virtual folders do not have permission to perform uploads, only real folders mounted in the VFS have this possibility

if the subfolder is a physical child on the hard disk of the uploaded folder, it will have the same rights as its parent, on the other hand if the two directories are neither parent of one nor parent of the other, it is possible to mount the 2nd as a child of the first in the VFS as actual directories (red folder icons) and individually assign the necessary permissions but it does seem like the inheritance persists, a solution to invalidate it is to put a filter mask for the upload of the sub-directory in the files mask tab, put \*.* in the upload field ( which means none matching the mask *.*)

this will not prevent the user from being able to send a file, but hfs will refuse to save it

the solution that can be adopted is to create an account named for example "noupload" protected by a password not found with special characters

we configure the parent to authorize the upload to any authorized person, then for the subfolder we only authorize the upload for the "noupload" account, this deactivates parental inheritance and the upload button will not appear, for remote maintenance needs, we can also authorize the upload for the account that manages the server in addition to the right to delete the subfolder

I remind you that the child must not be a direct subdirectory of the parent on the disk, although theoretically it could work indirectly
I see that it is the exact suggestion from rejetto above

Everything else / Re: Massive amounts of users registering accounts
« on: July 17, 2022, 03:31:20 PM »
Hi guys

there are indeed periods when there is an upsurge in the creation of unwanted accounts (normally about thirty per day) with peaks beyond 200 per day, a large majority is blocked by the antispam module but some manage to pass through when they have not been registered in the Stop Forum Spam database. Daily I report non-compliant profiles which causes them to be classified as unwanted until the Boss purges the list, it's a way for me to continue to participate on the forum after a long cooperation on development of HFS under Delphi to the use of javascript.

The forum would need to  to increase security against bots by a more complex registration system with captcha imposing double verification either by using a HoneyPot and Time measuring, or a logical or mathematical textual test.

Usually when new subscribers fill out their signature or Personal Text, including promotional web links before posting a single message, it's a bad sign.

Some temporary domain names are being misused, ban filtering of these domains would most certainly reduce this influx of registrations every minute
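
The registration checks named in the post above (honeypot field, time measuring, temporary-domain filtering, links in the signature before any post), sketched as an added example that is not part of the original post and not the forum's own code. The field names, thresholds, secret and domain list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: per-site secret, placeholder value
MIN_FILL_SECONDS = 4               # assumption: a human needs longer than this
MAX_FORM_AGE = 3600                # assumption: forms older than one hour are rejected
DISPOSABLE_DOMAINS = {"tempmail.example", "throwaway.example"}  # constructed list


def issue_token(now=None):
    """Signed render timestamp, embedded in the form as a hidden field."""
    ts = str(int(time.time() if now is None else now))
    sig = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{sig}"


def token_age(token, now=None):
    """Seconds since the form was rendered, or None if the token is forged or malformed."""
    ts, _, sig = token.partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return None
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return (time.time() if now is None else now) - int(ts)


def check_registration(form, now=None):
    """Return the reasons to reject a registration; an empty list means accept."""
    reasons = []
    if form.get("website", ""):        # honeypot: hidden by CSS, a human leaves it empty
        reasons.append("honeypot_filled")
    age = token_age(form.get("token", ""), now)
    if age is None:
        reasons.append("bad_token")
    elif age < MIN_FILL_SECONDS:       # time measuring: form came back too quickly
        reasons.append("submitted_too_fast")
    elif age > MAX_FORM_AGE:
        reasons.append("token_expired")
    domain = form.get("email", "").rpartition("@")[2].lower()
    if domain in DISPOSABLE_DOMAINS:   # temporary mail domain
        reasons.append("disposable_domain")
    if "http" in form.get("signature", "").lower():  # promotional link before any post
        reasons.append("link_in_signature")
    return reasons
```

Signing the timestamp keeps the time check from being bypassed by editing the hidden field, since a changed value no longer matches its signature.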

Everything else / Re: Let things calm down
« on: April 29, 2022, 08:12:00 PM »
The problem is that when the address of a target is known to a hacker, there is little chance that it will not be tested. From Rom_1983's point of view, nothing accuses you, but given the suspicion that you are under surveillance, it suggests that these attacks are indirectly linked to your Python scripts.

It should also be remembered that all messages with their content containing links to personal sites are visible to any visitor who is not logged in, so do not be surprised to be potentially the victim of unwanted visits.

If we hear most often about big brother and its eavesdropping through the NSA, we should not forget that other major countries are not behind in this area either and are increasingly trying to manipulate the opinion, it is therefore logical to remain suspicious of them as long as it is not possible to verify the information by means of sources not subject to the directives of these governments

HFS ~ HTTP File Server / Re: Request login/password but accept any
« on: December 17, 2021, 05:00:45 PM »
From memory I don't think that's possible, unless you create a form yourself to manage the identification, under the conditions you want, you just need to redirect to the resource (possibly hidden) including the login and password assigned to him

Bug reports / Re: Possible vulnerability
« on: December 11, 2021, 09:46:00 PM »
if you are using one of the latest versions the remote use of macros by a user using a url is automatically detected and made harmless.

the other vulnerability exploit that was resolved quickly was the null byte injection

I can no longer remember where and in what way these two types of attack are detected in the sources of hfs but it is certain that if your version is up to date there is no more risk when a remote user performs such attempts

it may depend on several factors:
1) make sure that the mobile phone is well connected in wifi on the local network and not on the 3G-4G-5G network, otherwise it is necessary to set up an external routing
2) with HFS in standard mode, the phone browser must be able to display the home page, if necessary try another browser
3) in all circumstances, in the event of problems, use the IP address of the computer on the local network as the connection url and not the DNS name used for external connections

HTML & templates / Re: About "hits"
« on: October 17, 2021, 12:56:00 AM »
attach your hfs.tpl in a new post
