CrushFTP Server

CrushFTP is a proprietary multi-protocol, multi-platform file transfer server originally developed in 1999. CrushFTP is shareware with a tiered pricing model. It is targeted at home users on up to enterprise users.

Features

CrushFTP supports the following protocols: FTP, FTPS, SFTP, HTTP, HTTPS, WebDAV and WebDAV SSL. Additionally, although not a protocol, it has both AJAX/HTML5 and Java applet web interfaces for end users to manage their files from a web browser. CrushFTP uses a GUI for administration, but also installs as a daemon on Mac OS X, Linux, Unix, and as a service in Windows. It supports multihoming, multiple websites with distinct branding, hot configuration changes, and GUI-based management of users and groups. Plugins are included for authentication against SQL databases, LDAP, Active Directory, and Mac OS X accounts (NetInfo). All settings are stored in XML files that can be edited directly, or with the CrushFTP GUI. If edited directly, CrushFTP will notice the modification timestamp change and load the settings immediately without needing a server restart.

History of CrushFTP

CrushFTP was first published publicly around 1999. Initial versions were FTP only. There were no connection restrictions in version 1.x. CrushFTP 2.x brought about virtual directories in a sense, while CrushFTP 3.x brought about a full virtual file system. It supported the ability to merge and mangle several file systems together regardless if they were from local folders, or another FTP site. It in a sense could even act as a proxy for other FTP servers. However the complications from all the potential issues that could go on from this was confusing. CrushFTP 3 also brought about tiered pricing and restricted the unregistered shareware version to just 5 users at a time.

CrushFTP 4 focused primarily on a cleaner interface and less confusing virtual file system. While it still seems to have some support for merging FTP sites with a local file system, the support seems limited. CrushFTP 4 includes all of CrushFTP3's features, along with more. The learning curve from CrushFTP 3 to 4 is not steep. Updates in version 4 include a full HTTP server as well as the other supported protocols. It continues with the tiered pricing model, with the unregistered shareware only allowing for five simultaneous users at a time. Recent updates started recognizing web browsers as being different than FTP connections where four web browsers connections only count as one user against the licensed limit.

Features

• Event based actions to trigger emails.
• WebInterface allowing on the fly zipped uploads and downloads
• Drill down into folders on the WebInterface, delete, or rename all without page refreshes.
• Custom usage reports that can be run on demand, or scheduled.
• Live realtime GUI for monitoring active users, and their activity.
• Web server supports Server Side Includes, and virtual domains.
• Support for Adobe's PDF form posting/uploading.
• SQL integration to store users and permissions in SQL database tables.
• LDAP integration to authenticate against LDAP.
• Ability to launch custom shell scripts passing in the last file uploaded.
• Detailed logging and log rolling.
• Download and Upload queueing.
• Custom web upload forms for collecting additional information with file uploads.
• Bandwidth limiters.
• Internal statistic gathering.
• User and group inheritance on a per setting level.
• Max login time, idle time.
• Max upload, download, and minimum download speed.
• Quotas and ratios.
• Max download amount per session, day, or month.
• Auto account expirations.
• Restricted IP ranges for connections.
• Custom events including running a plugin or sending an email.
• Can be customized or localized into various languages. (GUI and WebInterface)
• Supports various encodings including UTF-8.
• Can do Virtual File System (VFS) linking to merge several file systems together in one.
• Supports FTP's MODE Z for compressed transfers.

Plugins

• AutoUnzip allows automatic zip file expansion when a zip is uploaded to the server.
• CrushImagePreview is a shareware plugin that allows for automatic image thumb-nailing and live hover over previews for the WebInterface.
• CrushLDAP authenticates against an LDAP server including support for Active Directory notations.
• CrushNoIP keeps a www.no-ip.com account in synch without a need for a separate stand alone client.
• CrushSQL authenticates against a SQL table.
• HomeDirectory generates home folders for users when they login. Saves a step during account creation.
• LaunchProcess allows for custom scripts or applications to be launched passing in as arguments the last file uploaded.
• MagicDirectory allows creating users by just making a folder. Non administrator type personnel can create users easily.
• OSXNetInfo authenticates against Mac OS X 10.3 and 10.4 NetInfo databases.
• WebStatistics gives an AJAX powered web page displaying live stats from the server.

(Other plugins are available but their purpose may be specific to certain scenarios: PreferencesController, DuplicateBlocker, ContentBlocker, FilterCommand, DotBIN, DebugOptions.)

Development

Development has been performed by the sole developer Ben Spink. Updates have been frequent with version 4, almost weekly at times. The feature set of version 4 continues to expand as the initial release was missing much of the functionality the current releases have.

Authentication Options

• Built-in user database consisting of XML files describing the user and Virtual File System access.
• Active Directory
• LDAP
• SQL Tables
• HTTP Basic Authentication
• HTTP Form Based Authentication

Security

Encryption is supported for files "at rest" using AES-128, as well as for passwords using an MD5 non-reversible hash. SFTP uses SSH for encryption, and FTPS uses SSL/TLS for encryption.

There have been no known, or published security vulnerabilities in CrushFTP 4. There have been no known, or published security vulnerabilities in CrushFTP 3. One published vulnerability was in CrushFTP 2.1.4 which had a patch released within a day.

See also

• Comparison of FTP server software
• List of FTP server software
• List of SFTP server software

External links

• CrushFTP Server Home Page
• CrushFTP Training Videos