Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


[Review&SPECIAL OFFER]1Fichier - Unlimited File Hosting Storage & 100GB/mo CDN for 10€/Year - Page 3
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

[Review&SPECIAL OFFER]1Fichier - Unlimited File Hosting Storage & 100GB/mo CDN for 10€/Year

1356717

Comments

  • YmpkerYmpker Member

    @Rami said:
    @Ympker PM me with your aff link please

    Done :-)

  • noamannoaman Member

    @Ympker said:

    @Rami said:
    @Ympker PM me with your aff link please

    Done :-)

    Do they have API

  • YmpkerYmpker Member

    @noaman said:

    @Ympker said:

    @Rami said:
    @Ympker PM me with your aff link please

    Done :-)

    Do they have API

    Someone posted this earlier: https://1fichier.com/hlp.html#devupload

    Some basic functions

  • nulldevnulldev Member

    Identify using POST variables "user" and "pass" (MD5)

    I found this at the bottom of this page in the developer section: https://1fichier.com/hlp.html#devupload

    This seems really, really sketchy. Hashing the password and then sending it to the server? That doesn't sound secure at all...

  • TWoTWo Member

    Good find. Most probably they've heard that plaintext passwords are evil and came up with this (non) solution. Have seen it a lot with these PHP hobby developers.

  • noamannoaman Member

    @TWo said:
    Good find. Most probably they've heard that plaintext passwords are evil and came up with this (non) solution. Have seen it a lot with these PHP hobby developers.

    Well I dont inderstan this sh*tty concept ....using sha ncryption requires just a change of one simple function yet they still use md5...

  • YmpkerYmpker Member

    @noaman said:

    @TWo said:
    Good find. Most probably they've heard that plaintext passwords are evil and came up with this (non) solution. Have seen it a lot with these PHP hobby developers.

    Well I dont inderstan this sh*tty concept ....using sha ncryption requires just a change of one simple function yet they still use md5...

    I will most likely be hosting either (non critical) encrypted backup files or files that are meant for the public anyway so either way I'm good just in case anything would happen :P

  • nulldevnulldev Member

    @noaman said:

    @TWo said:
    Good find. Most probably they've heard that plaintext passwords are evil and came up with this (non) solution. Have seen it a lot with these PHP hobby developers.

    Well I dont inderstan this sh*tty concept ....using sha ncryption requires just a change of one simple function yet they still use md5...

    That's not the only problem here. There are a couple of other major problems here:

    1. There is no way your password can be salted unless they hash the password twice (which is a problem on it's own).

    2. The server should always be the one doing the hashing. NEVER have the client do the hashing.

    3. As you mentioned, MD5 is insecure, they should be using something like bcrypt. SHA is too fast to be secure.

    P.S. SHA and MD5 are not encryption algorithms, they are hashing algorithms.

    Thanked by 1t0m
  • noamannoaman Member
    edited May 2017

    @nulldev said:

    @noaman said:

    @TWo said:
    Good find. Most probably they've heard that plaintext passwords are evil and came up with this (non) solution. Have seen it a lot with these PHP hobby developers.

    Well I dont inderstan this sh*tty concept ....using sha ncryption requires just a change of one simple function yet they still use md5...

    That's not the only problem here. There are a couple of other major problems here:

    1. There is no way your password can be salted unless they hash the password twice (which is a problem on it's own).

    2. The server should always be the one doing the hashing. NEVER have the client do the hashing.

    3. As you mentioned, MD5 is insecure, they should be using something like bcrypt. SHA is too fast to be secure.

    P.S. SHA and MD5 are not encryption algorithms, they are hashing algorithms.

    And its just not them....

    I logged into my solusvm....vnc consple...the default generated password is root password ....plain text...

    Edit:solusvm of my hosting provider

  • YmpkerYmpker Member

    Messaged about moving files at 68tb? Pretty fair for the 12€/year deal I guess. Anyway their ToS is a whole pdf not just 3 lines what op at reddit implies.

  • YuraYura Member

    @Ympker, so was it a recurring deal with price locked-in or a one-off discount for coupons? I wanted to buy but didn't because bitcoins and stuff. I don't like non-recurring deals personally.

    Thanked by 1risharde
  • YmpkerYmpker Member

    @Yura said:
    @Ympker, so was it a recurring deal with price locked-in or a one-off discount for coupons? I wanted to buy but didn't because bitcoins and stuff. I don't like non-recurring deals personally.

    Prepaid thus non recurring :/ But they seem to run this promo yearly as on their fb they asked for that deal already stating that last year it was a mere 1€/year deal

    Thanked by 1Yura
  • 68TB? Could one do direct FTP download from a EU vps for example?

    Or is it upload only FTP?

  • plumbergplumberg Veteran

    I can just see the $30 pricing and not $10 for pro...

  • nulldevnulldev Member

    @plumberg said:
    I can just see the $30 pricing and not $10 for pro...

    Deal is long expired :(.

  • YmpkerYmpker Member

    @nulldev said:

    @plumberg said:
    I can just see the $30 pricing and not $10 for pro...

    Deal is long expired :(.

    ^ this

  • YmpkerYmpker Member

    @vimalware said:
    68TB? Could one do direct FTP download from a EU vps for example?

    Or is it upload only FTP?

    As for remote dl links FTP is supported, too afaik. Just like in any dl manager you can add various links to a whitebox (1 per line) then start dl.

  • angstromangstrom Moderator

    The question of "unlimited" has been raised in other threads in connection with other providers as well. "Unlimited" means that the provider doesn't set a predetermined limit; it doesn't mean that there's no limit that the provider could set in the case of abuse. The term "unlimited" may not seem to express this, but this term should always be understood in the context of a no-abuse policy.

    The OP of that thread on reddit begins with:

    I have been using 1fichier for a while. Not for piracy purposes but we all know what this server is used for.

    Which already sounds suspicious to me.

    It's hard for any of us to judge the details of this particular case, but 1fichier clearly suspected abuse here.

  • YmpkerYmpker Member

    Update :
    I currently have about ~ 5TB at my fichier account and everything seems to work fine. I've heard of someone being asked to reduce their storage who had 60+ TB. He reduced it first to 45 TB where they still asked him to reduce it and after he settled around ~30TB he was not having any problems anymore. So I guess ~30TB is the hard limit. Still with their yearly promos of 10ish € I have no objection. Speed and performance for dls and cdn within EU has been good so far :) Gonna up my storage to 10 TB soon.

  • YmpkerYmpker Member

    Made a video to show things :- )

  • nhocconannhocconan Member
    edited June 2017

    I missed this, in May I did not purchase this due to (i) It seems they do not accept PayPal, and (ii) I was on ACD unlimited storage. Now ACD is gone, and this seems to be tempting. Will keep waiting for their promotion again :-)

  • 30TB seems pretty low for me. Currently, I have 55TB+ on Gsuite . Hope they ain't enforce 1TB in the next 3 3yrs.

  • YmpkerYmpker Member
    edited June 2017

    @Aluminat said:
    30TB seems pretty low for me. Currently, I have 55TB+ on Gsuite . Hope they ain't enforce 1TB in the next 3 3yrs.

    30TB @ 10€/year match this :- )

    Always pick their promos :P Next time I will purchase more vouchers to renew ;P

    @nhocconan said:
    I missed this, in May I did not purchase this due to (i) It seems they do not accept PayPal, and (ii) I was on ACD unlimited storage. Now ACD is gone, and this seems to be tempting. Will keep waiting for their promotion again :-)

    Various of their resellers accept pp though :)
    The current price is not bad either for ~50$/year for "unlimited" (30TB). Others wont match this except for gsuite which might be adjusting soon, too^^

  • fanfan Veteran

    Got one year this time, are they doing such kind of promotion every year? @Ympker

  • YmpkerYmpker Member

    @fan said:
    Got one year this time, are they doing such kind of promotion every year? @Ympker

    It seems like this is the case. When they announced their last promotion ppl would comment on their fb if they gonna do a 1€ deal like last year so it's fair to assume they will have regular promotions. Next time though Im gonna buy some more vouchers :P

    Thanked by 1fan
  • @Ympker said:

    @fan said:
    Got one year this time, are they doing such kind of promotion every year? @Ympker

    It seems like this is the case. When they announced their last promotion ppl would comment on their fb if they gonna do a 1€ deal like last year so it's fair to assume they will have regular promotions. Next time though Im gonna buy some more vouchers :P

    Thanks to post on LET again when you see it :-). I have a new house for my ACD backup at Zxhost, however adding more redundant level with €10/year is a good thing to do.

    Thanked by 2Ympker Falzo
  • JFYI: The 5€/10€ deal ist currently back! Right on top of the frontpage.
    (But thats without taxes.)

    Thanked by 3angstrom Ympker sipe
  • YmpkerYmpker Member
    edited June 2017

    Taggin @nhocconan .
    Extended mine :- )

    Thanked by 1nhocconan
  • Which payment method do you use ? Wich is the most reliable ? (except bitecoin) ?

Sign In or Register to comment.