We understand that many Internet server administrators are concerned about the widely reported Log4j (also known as "Log4Shell") vulnerability, and so would like to address the issue with respect to Rumpus. To be clear, Rumpus is not built on Apache, does not use or include the Log4j library or API, and has no functionality implemented using server-side Java. We will continue to monitor this and other reports of potential server vulnerabilities, but there is no indication that this issue has any impact on Rumpus servers.
While Rumpus servers are not affected by this particular security problem, the attention this vulnerability has received highlights the importance of proper server maintenance. Rumpus is continually updated to improve performance and functionality, and also to maintain security and address vulnerabilities as they are reported. Maxum strongly recommends that all Rumpus servers, especially those in environments where security is a key requirement, be kept up to date with the latest software release.
|The Rumpus server engine and application has been in active development for over 2 decades, so it is not only incredibly robust but feature-packed as well. Here is an overview of some of the most notable built-in capabilities:
Rumpus implements file transfer protocols natively, as a stand-alone, system-optimized application, for blazing performance on mid-range or even low-end hardware.
Easy User Account Administration
Define user accounts once in Rumpus to allow users to connect via Web browser, FTP, SFTP, FTPS or WebDAV.
Receive immediate notification when files are uploaded, downloaded or other important actions occur.
Upload Center Forms
Prompt users for additional information about uploaded files via configurable data entry forms.
In addition to supporting access using standard Web browsers and FTP clients, a dedicated app called Tether is optimized for local users accessing your key services.
The Rumpus admin console provides a simple and highly functional view of server activity and use.
Rumpus users can easily send files to guest users, or even allow guests to upload files to their content area.
Create a simple URL and link to it from your primary Web site or e-mail to allow one-click file transfers directly to a secure area on your server.
Robust Authentication Options
Enable user self-registration (with e-mail confirmation), 2 Factor authentication, Active Directory authentication, password complexity requirements, and more.
|Rumpus offers native implementations of all major secure file transfer protocols, and is built on top of industry standard encryption technologies.
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. OpenSSL sets the standard for encrypted data transfers on the Internet, and Rumpus directly interfaces with it to provide both HTTPS and FTPS services.
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options. Rumpus is built directly on top of OpenSSH to implement encrypted SFTP transfers.
To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. Rumpus includes built-in Let's Encrypt integration, reducing this once arduous chore to a few simple clicks of the mouse.
Rumpus is not built on Apache, or any other Web or file transfer protocol platforms, leading to two big benefits. First, Rumpus is lightning fast, even on low-end hardware, thanks to its native, purpose-built server implementations. Second, Rumpus isn't susceptible to many well-known and common security flaws that might be exposed in these general-use platforms.