Hello to all you security experts out there,
My website is hosted on a particular shared hosting server, run by some big company; let's not get into which one. Suffice to say, it's a typical cPanel account on a LAMP stack. The server (not my domain, but the server itself) possesses an SSL security certificate, and I can connect to the server securely for e-mail and cPanel admin.
My web host's Knowledge Base states that it is possible to establish an FTP connection to the server over SSL/TLS. However, every time I try to do this, it fails. Here's what happens:
The initial handshake goes fine. My software accepts the server's security certificate, the server accepts my login and sends a list of all the functions it supports, and then my software asks for the directory listing (one FTP program calls LIST, another calls MLSD). At this point, the server becomes unresponsive, the operation times out, and the connection fails.
I have tried this using three different FTP software programs. I have examined my firewall logs, and no traffic is being blocked on any port at the time the connection fails. I have tried this from different networks at different physical locations. Each time, the connection fails in exactly the same way.
I am able to connect insecurely via plaintext FTP without any trouble. When no secure transmission protocol is used, the server responds instantaneously to the directory listing command. However, I feel really uncomfortable sending my FTP login and password "in the clear" and I don't want to have to do this.
Now, get ready for the real kicker. I submitted a support ticket to my web host, and I've been e-mailing back and forth with their support desk all week. They told me to get a static IP for my local computer and then they will set up SFTP access for my account. Well, my ISP wants $15 a month to set me up with a static IP address, which is a substantial hidden cost when the shared hosting itself only costs a couple bucks a month. So I have been going back and forth with the web host's support desk, trying to figure out why I can't make an FTP connection over SSL, even though their Knowledge Base specifically states that I should be able to do this. After giving me the runaround for a couple days, they finally admitted that they can't do it either!! That's right, the web host's own support desk is unable to connect to their own server via FTP over SSL, even though according to their own Knowledge Base article, it should be a piece of cake.
Please correct me if I'm wrong, but it sounds to me as though my web host's server is improperly configured, and they're too stubborn or (insert adjective here) to fix it. These guys have multiple data centers around the country, so when I say "their server" I'm really talking about a huge number of accounts.
So, here's what I'm wondering. Is there some advice I could give to my hosting company that would help them fix this issue? Should I quit grumbling and accept that I will have to pay the extra ($15 x 12 =) $180 a year to have my very own static IP? Or should I switch web hosts, and if so, is there one you would recommend?
This is kind of a long question; I wanted to explain the issue thoroughly. I have surfed around the interwebs trying to find out all I can about this issue, and most replies in most of the other forums seemed to indicate that they thought the user's firewall was the culprit; so I wanted to explain exactly why that is definitely not the problem in this instance. I'm convinced the issue has something to do with the server, and I'm really just asking for advice about what I should do about it. I sure would appreciate your feedback, I've been banging my head on this for far too long now. Thanks!
-thesmithman
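Added example, not part of the original post: a hang at LIST/MLSD after a clean TLS login means the data channel never opened, and a common cause (not confirmed for this host) is that once the control channel is encrypted, a NAT or firewall FTP helper in front of the server can no longer read the passive-mode reply to rewrite its address or open its port. The sketch below checks the 227/229 line copied from an FTP client's log; the addresses, port range and function names are constructed for illustration.

```python
import ipaddress
import re

# Passive-mode replies as they appear in an FTP client's session log.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")


def data_endpoint(reply, control_peer):
    """Return the (host, port) the client will dial for the data channel."""
    m = PASV_RE.match(reply)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
        return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    m = EPSV_RE.match(reply)
    if m:
        # EPSV carries only a port; the host is the control-connection peer.
        return control_peer, int(m.group(1))
    raise ValueError(f"not a passive-mode reply: {reply!r}")


def diagnose(reply, control_peer, forwarded_ports):
    """List reasons the data connection for LIST/MLSD would never open.

    forwarded_ports is the passive port range the host says it opens on its
    firewall (an assumption; ask the host for the real range).
    """
    host, port = data_endpoint(reply, control_peer)
    findings = []
    if host != control_peer:
        kind = "private" if ipaddress.ip_address(host).is_private else "different"
        findings.append(
            f"reply advertises {kind} address {host}, control peer is {control_peer}"
        )
    if port not in forwarded_ports:
        findings.append(f"data port {port} is outside the forwarded range")
    return findings


if __name__ == "__main__":
    # Constructed sample: server behind NAT leaking its internal address.
    sample = "227 Entering Passive Mode (10,1,2,3,195,80)."
    for line in diagnose(sample, "203.0.113.10", range(49152, 49252)):
        print(line)
```

Either finding is something the host fixes on its side, by advertising the public address for passive mode and opening a fixed passive port range.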