The default copy of CrushFTP ships very secure. There are no default usernames, or passwords, etc. The default ciphers are relatively secure, but not as secure as they could be just for compatibility for people starting out using a potentially older browser for example. We also have some default ports that you may not need or want for file transfer that allow for insecure connections (FTP / HTTP).
So to secure the server, follow these steps:
1.) Login to the WebInterface, Admin, Preferences.
2.) Remove the FTP port on port 21, or click on advanced and enable require encryption.
3.) Remove the HTTP port on 8080 and 9090, or change the IP from "lookup" to be 127.0.0.1 making them inaccessible.
4.) Go to Encryption, SSL. Click the link to disable insecure ciphers.
5.) On the IP / Servers tab, right click on the HTTPS port, and restart it for the prior change to take effect.
6._
Add new attachment
List of attachments
| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
|---|---|---|---|---|---|---|
jpg |
hardening_csp1.jpg | 607.6 kB | 1 | 27-Jan-2025 23:32 | Ada Csaba | |
jpg |
hardening_ftp1.jpg | 675.7 kB | 1 | 27-Jan-2025 23:33 | Ada Csaba | |
jpg |
hardening_pgp1.jpg | 298.0 kB | 1 | 27-Jan-2025 23:33 | Ada Csaba | |
jpg |
hardening_pgp2.jpg | 406.7 kB | 1 | 27-Jan-2025 23:33 | Ada Csaba | |
jpg |
hardening_sftp1.jpg | 637.1 kB | 1 | 28-Jan-2025 00:31 | Ada Csaba | |
jpg |
hardening_ssl.jpg | 587.1 kB | 1 | 27-Jan-2025 23:33 | Ada Csaba |
- WebInterface
- Server Admin
- User Manager
- Client Apps
- CrushBalance Load Balancer
- High Availability
- Self Registration
- Preferences
- Email Templates
- Restrictions
- Replication
- Banning
- Logging
- Encryption
- Alerts
- Folder Monitor
- Tunnels
- Syncs
- User Config
- Search Config
- Preview
- Misc
- Plugins
- Manage Shares
- PGP
- Telnet
- FAQ
- API
- Linux Install
- Virtual Linux Server
- Server Variables
- Google Authenticator and Microsoft Authenticator
- AS2 EDI