How to update your site (Technical Notes))

In order to access your web space* in the Autistici/Inventati servers, you should connect to it by using the FTP protocol with a proper application (ftp client), such as Filezilla for windows or Kasablanca (graphic application -- KDE) or lftp and ftp-ssl (command line) for linux, and entering your user name and your password (which you'll receive as soon as you get a web space). If you don't know what we are talking about, you'd better get some documentation before asking us to activate a web space :)

The server you should connect to is signalled in your A/I user panel ('web management' section).

Please remember that when you connect through ftp, your password travels in plain-text, and can be thus tapped by anybody unless you use a secure ftp client allowing for encrypted connections to the server (lftp or Kasablanca for linux, or look for an ftp client with SSL support). Our servers do offer an FTP service via SSL, and even if the clients allowing for this option are few, we strongly advise to use them so as to send your password in an encrypted way.

* The directory containing all your online site is the html-sitename directory you'll see when logging in via ftp.

---

FTP Howto

• Introduction to the FTP protocol
• Updating your site vi FTP on the Autistici/Inventati servers

Introduction

One of the first application oriented protocols to be developed for the Internet has been the file transfer protocol, or FTP. After some decades this protocol is still alive and keeping, a fact that vividly witnesses its efficiency.

Autistici/Inventati features an FTP server allowing its users to upload their sites contents, as well as a so called "public" area where it keeps the file archives which anybody can access. To see this archive, you just need an FTP client (for example the authors like to use lftp, a command line client for linux, gftp -- if you prefer a WYSIWYG alternative, or ftp-ssl, another excellent command line option. If you use Windows, we suggest filezilla); with an FTP client you can then connect as anonymous user or as ftp, by using something similar to your e-mail address as a password:

    Username: anonymous
    Password: 123@anon.mil

Of course, we discourage entering your real e-mail address as a password for the anonymous FTP.

Very likely you won't have to enter any data at all, since most WYSIWYG clients automatically set both password and user name for the anonymous access.

If you don't feel like installing an FTP client, you can easily use the anonymous space with a simple browser: you just need to write the specific address this way:

ftp://autistici.org

you will thus access the A/I public area, if there are not too many clients already connected. Of course, this process is valid for each computer featuring a public FTP service.

Besides this first introduction, we are not going to discuss clients and FTP protocol. You will find the theoretical notions you need in the Web:

For a quick but efficient introduction to the notions of networking, read

http://www.netfilter.org/documentation/HOWTO/it/networking-concepts-HOWTO.html

For a brief introduction to the FTP protocol:

http://telemat.die.unifi.it/book/corso_telematica/lez_080/grp_2.html

If you wish something more serious:

ftp://ftp.rfc-editor.org/in-notes/std/std9.txt

Updating your web space through FTP

As we said before, if you have a website with Autistici/Inventati, you need to use an FTP client. Being a historical protocol, and having been developed long time ago, FTP was born when the idea of security was very different from the current one. When you connect to a server via FTP, your password travels in plain-text.

If you wish to change your FTP account password, visit your
User Panel.
Log in with your user name and change your password by clicking on 'web management' in the left-hand menu.

To avoid this setback and makeit rather impossible to tap your communication with an FTP server, an encryption level called SSL/TLS has been added.

This feature is not supported by all servers and FTP clients, but with Autistici/Inventati it is, so we strongly advise you to use it.

To make things more understandable, a plain-text, non-encrypted FTP connection will look more or less like this:

interface: ppp0 (80.116.98.156/255.255.255.255)
filter: ip and ( port 21 )
####
T 62.149.193.207:21 -> 80.116.98.156:33247 [AP]
220 FTP Server Ready..
##
T 80.116.98.156:33247 -> 62.149.193.207:21 [AP]
USER geek..
##
##
T 62.149.193.207:21 -> 80.116.98.156:33247 [AP]
331 Password required for geek...
##
T 80.116.98.156:33247 -> 62.149.193.207:21 [AP]
PASS itrainsfrogs..
#
T 62.149.193.207:21 -> 80.116.98.156:33247 [AP]
230 User geek logged in...

You will notice that both password and user name are easily readable and identifiable: user geek, password itrainsfrogs.

By using a client with SSL/TLS support, this can be avoided. That's why we strongly recommend to take advantage from this opportunity.

What follows is an example of an FTP connection with an SSL/TLS client communicating with a server allowing for this protocol:

interface: ppp0 (80.116.98.156/255.255.255.255)
filter: ip and ( port 21 )
####
T 62.149.193.207:21 -> 80.116.98.156:33227 [AP]
220 FTP Server Ready..
##
T 80.116.98.156:33227 -> 62.149.193.207:21 [AP]
AUTH TLS..
##
T 62.149.193.207:21 -> 80.116.98.156:33227 [AP]
234 AUTH TLS successful..
#
T 80.116.98.156:33227 -> 62.149.193.207:21 [AP]
.|....c......9..8..5..............3..2../.....f..............c..b..a.......
....@..e..d..`.........................$T.)....XLUW
##
T 62.149.193.207:21 -> 80.116.98.156:33227 [AP]
e..[..4..S....n..?...Q................o...u.h....;.^..V..@....x.vfVmA..o.[.
.......y.O1.....Z.".B.U.l8...lA........Y..T...zD};....................
##
T 62.149.193.207:21 -> 80.116.98.156:33227 [A]
....J...F..@C..].?'...;^......!..R.?>...... b..._..d...K#..=......:@-.$....
...................0...0...........0...*.H........0..1.0...U....AI1.0...U..
..Paranoia1.0...U....Paranoia1.0...U....Associazione Investici1 0...U....Ce
rtification Authority1.0...U....Associazione Investici1.0...*.H........ca@a
utistici.org0...030926142954Z..040925142954Z0..1.0...U....AI1.0...U....Para
noia1.0...U....Associazione Investici1 0...U....Certification Authority1.0.
..U....www.autistici.org1.0...*.H........ca@autistici.org0..0...*.H........
##
T 80.116.98.156:33227 -> 62.149.193.207:21 [AP]
.......................w.iv..fA.V..X.......l.?.; .-..r..XB...9R.'.+q..[b.H.
..\#..w..f5+..*-.....!.p.Y.....C-..oI9....pbB.E....".JOc]Q.m,.F...dc.....1(
..........(%.. .n3........mH...p.h9W.B..#.F...z....
##
T 62.149.193.207:21 -> 80.116.98.156:33227 [AP]
..........(.B...A.G"...........Mq(...-..rz..)....|.
##
T 80.116.98.156:33227 -> 62.149.193.207:21 [AP]
....(...7..R/..v....X.8.EaE.m......n...K..x..
#
T 62.149.193.207:21 -> 80.116.98.156:33227 [AP]
....8a;...s.la._.....a.R.}P.p.#..D.[..\5.......y.a...H..J...,
#
T 80.116.98.156:33227 -> 62.149.193.207:21 [AP]
....(...m..,V....@:...z~x.Fz.......-..D...<[.
#
T 62.149.193.207:21 -> 80.116.98.156:33227 [AP]
..0..yA...d.X(...[P......3H....[|y..q.%...5..Qb....
#
T 80.116.98.156:33227 -> 62.149.193.207:21 [AP]
.... %.h=0......J.>T....WJk.......[.}

Note how everything appears more mysterious here: you cannot see any useful information about the user's name and password.

THEREFORE WE RECOMMENT A CLIENT WITH SSL/TLS SUPPORT FOR ANY OPERATION ON THE AUTISTICI/INVENTATI SERVERS.

The SSL support is not offered by every FTP client. What follows is a brief synthesis:

• lftp: http://lftp.yar.ru/. By entering the line
  set ftp:ssl-force true
  in your /etc/lftp.conf or in ~/.lftrc you will force any connection to use the SSL protocol.
• ftp-ssl: ftp://ftp.runestig.com/pub/ftp-tls. This project was originally developed for Openbsd, but it can also be compiled with linux. There's a debian package: to install it enter apt-get install ftp-ssl.
• Filezilla: http://filezilla.sf.net. For windows.