timeout and WHM/cPanel

[Bert]

The user successfully logs in. But then, nothing... the directory listing cannot be retrieved... the timeout is reached.

When this happens, in addition to the messages that are already being displayed in the status log textarea at the top of the application, the end-user should get a pop-up with information.

The pop-up should say something about transfer modes, and it should say that the firewall of the server may be blocking incoming connections.

The well-known CSF firewall that almost everyone uses with WHM/​cPanel installs has a TCP_IN that does not include the 30000:50000 range.

FileZilla is such a well-known client that, again and again, our customers kept running into this issue. We've been telling them for years to use WinSCP and to avoid FileZilla. I've personally told many customers to avoid FileZilla because it doesn't work properly. Clearly, WinSCP can do something that FileZilla cannot.

You have to make sure that end-users understand what's going on, and that they can ask their server administrator to open that TCP_IN port range.

Even if - hypothetically - what I'm writing above is nonsense, and I don't understand FTP or passive/active modes at all, there's still a problem. I'm the system administrator of several servers with up to a thousands accounts. Only today I figured out I can "fix" FileZilla for customers by changing CSF settings. If only the first FileZilla end-user who contacted me could've told me.

[Tim Kosse]

WinSCP is insecure. Unlike FileZilla, WinSCP does not use FTP over TLS by default.

In case of plaintext FTP your firewall inspects traffic and transparently opens ports if needed. This obviously cannot work if using FTP over TLS.

Long story short: Fix your firewall.