FTP server is very useful for transferring (uploading and downloading) files to the extend of backing up files from an unbootable Windows but it can also be abused. Many years ago when a hacker managed to hack in a Windows server, they’d plant a backdoor Serv-U FTP server so that they can have full access to the files in the server. I am very sure that the latest version of Serv-U FTP server no longer has the stealth feature maybe because antivirus companies has started flagging Serv-U FTP server as a threat. This will surely affect their sales as legitimate customers would freak out and suspect if the software that they’re selling contains backdoor.

I’ve written a guide on how to set up a FTP server on Windows computer using FileZilla but it involves quite a lot of steps and it doesn’t run quietly in background. So if you’re looking for an alternative for Serv-U FTP server that can run quietly, then you can try SlimFTPd.

SlimFTPd is a fully standards-compliant FTP server implementation with an advanced virtual file system. It is extremely small, but don’t let its file size deceive you: SlimFTPd packs a lot of bang for the kilobyte. It is written in pure Win32 C++ and requires no messy installer. SlimFTPd is a fully multi-threaded application that runs as a system service on Windows 98/ME or Windows NT/2K/XP, and it comes with a tool to simplify its installation or uninstallation as a system service. Once the service is started, SlimFTPd runs quietly in the background.

It reads its configuration from a config file (slimftpd.conf) in the same folder as the executable, and it outputs all activity to a log file(SlimFTPd.log) in the same place. The virtual file system allows you to mount any local drive or path to any virtual path on the server. This allows you to have multiple local drives represented on the server’s virtual file system or just different folders from the same drive. SlimFTPd allows you to set individual permissions for server paths.

Open slimftpd.conf in Notepad or your favorite text editor to set up SlimFTPd’s configuration. The format of SlimFTPd’s config file is similar to Apache Web Server’s for those familiar with Apache. The config file will work by default allowing FTP clients to connect but you’ll have to set up the user account in order for the user to login and transfer files. Scroll down to line 76 and you should see the code #. Remove the hash # and continue doing that on line 77, 81, 88, and 97.

Next you’ll need to modify the location where you want the user to have access to which is at line 81. By default it is the value is Mount / C:\ftproot. Do take note that SlimFTPd will not run if the specified a folder such as the default ftproot is unavailable. So you can either create a ftproot folder at C: drive OR you can change it to Mount / C:\ to allow the user bob to see everything in C: drive. (Of course you can set it to any folder of your choice as long as you know what you’re doing). To allow the user bob have full read and write access to C: drive, just modify line 88 from Allow / Read List to Allow / All.
SlimFTPd Configuration
Once you’ve got the configuration file right, just run SlimFTPd.exe. You can run Task Manager to see whether SlimFTPd is listed in the running process or not. If not, you’ll have to check the log file to determine what is the problem.

SlimFTPd doesn’t run automatically when Windows is restarted. You can either create a shortcut and put it in Startup folder OR simply run ServiceTool.exe and click the Install button which will automatically put SlimFTPd.exe in Windows services.
Install FTP service

Because SlimFTPd is a FTP server that runs quietly in background, there are some antivirus program will detect is as potentially unwanted program, Riskware, HackTool, or not-a-virus. I’ve tried scanning SlimFTPd with 39 antivirus on VirusTotal and 15 of them detected it as a threat. Well it is not really a threat but just being cautious to warn you in case other people planted it on your computer without your knowledge. If you want to install it on your computer, just add it to the exclusion list.

I’ve tried to crypt SlimFTPd.exe with BCD – Binder\Cryptor\Downloader so it’ll be fully undetectable (FUD) by antivirus but it makes SlimFTPd unusable. I guess it is because that SlimFTPd is a command line application and BCD doesn’t support crypting command line applications. Well, the source code for SlimFTPd is available and if you’re an experienced programmer, you might be able to make it fully undetectable 😈

Didn’t find what you want? The links below could help: