This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

The default copy of CrushFTP ships very secure. There are no default usernames, or passwords, etc. The default ciphers are relatively secure, but not as secure as they could be just for compatibility for people starting out using a potentially older browser for example. We also have some default ports that you may not need or want for file transfer that allow for insecure connections (FTP / HTTP).

So to secure the server, follow these steps:

1.) Login to the WebInterface, Admin, Preferences.
2.) Remove the FTP port on port 21, or click on advanced and enable require encryption.
3.) Remove the HTTP port on 8080 and 9090, or change the IP from "lookup" to be 127.0.0.1 making them inaccessible.
4.) Go to Encryption, SSL. Click the link to disable insecure ciphers.
5.) On the IP / Servers tab, right click on the HTTPS port, and restart it for the prior change to take effect.
6._

Add new attachment

Only authorized users are allowed to upload new attachments.
« This particular version was published on 05-Dec-2023 05:32 by Ben Spink.
G’day (anonymous guest)
CrushFTP11 | What's New
JSPWiki