Thread: Help How to secure ftp + Exploits

  1. #1
    Mor
    Registered Member
    Join Date
    Feb 2011
    Posts
    21

    Default Help How to secure ftp + Exploits

    Hey, how do I secure FTP + exploits
    so no one can hack my root and get information about my clients from FTP?

    c99 and all, how can I secure that?

  2. #2
    Registered Member JeffP.'s Avatar
    Join Date
    Sep 2010
    Posts
    164

    Default Re: Help How to secure ftp + Exploits

    For FTP, I would recommend the following:

    1. Log into WHM as root
    2. Click "FTP Server Configuration"
    3. The first option is labeled "TLS Encryption Support". In the dropdown menu there is an option that says "Required (Command/Data)"

    That will prevent usernames and passwords being sent over the Internet in plain text when users log into FTP.

    Additionally, avoid using insecure FTP applications like FileZilla that store your FTP usernames and passwords in plain text on your computer, and warn your users of the same.

    In regards to security in general, keep in mind that less code means less surface area to attack. So, be very careful about installing 3rd party applications on your machine, regardless of their intended purpose.

  3. #3
    Registered Member cPanel Partner NOC Badge
    Join Date
    Oct 2003
    Posts
    2,185

    Default Re: Help How to secure ftp + Exploits

    Install mod_security with a good rule set.
    Keep third-party scripts up to date.

  4. #4
    Mor
    Registered Member
    Join Date
    Feb 2011
    Posts
    21

    Default Re: Help How to secure ftp + Exploits

    ok tnx ara u

  5. #5
    Registered Member
    Join Date
    May 2006
    Location
    Johannesburg, South Africa
    Posts
    988
    cPanel Access Level

    Root Administrator

    Default Re: Help How to secure ftp + Exploits

    Quote: Originally posted by cPanelJeff
    "Additionally, avoid using insecure FTP applications like FileZilla that store your FTP usernames and passwords in plain text on your computer, and warn your users of the same."

    What other free FTP clients would you actually recommend?

  6. #6
    Registered Member padani's Avatar
    Join Date
    Apr 2007
    Location
    AUSTRALIA
    Posts
    34
    cPanel Access Level

    Root Administrator

    Default Re: Help How to secure ftp + Exploits

    Hi,

    Better go with sftp.

  7. #7
    cPanel Staff cPanelTristan's Avatar
    Join Date
    Oct 2010
    Location
    somewhere over the rainbow
    Posts
    7,611
    cPanel Access Level

    Root Administrator

    Default Re: Help How to secure ftp + Exploits

    It wouldn't be better to use sFTP over TLS with data and command being forced. sFTP allows users access to view / portions of the system outside their /home directory due to how it works. TLS is as secure if not more than sFTP without the inherent security issues and weaknesses that sFTP includes.
    -- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

  8. #8
    Registered Member
    Join Date
    Jul 2007
    Posts
    10
    cPanel Access Level

    Root Administrator

    Default Re: Help How to secure ftp + Exploits

    Hello,

    We use http://www.pyxsoft.com. It scans all FTP uploads in real time, blocking all known malware (c99, r57 and so on).
    It also scans all HTTP uploads, blocking known and unknown scripts (Perl scripts and PHP scripts).

    We are using it in our network and it has blocked hundreds of attacks.

  9. #9
    Registered User
    Join Date
    Nov 2010
    Posts
    3

    Default Re: Help How to secure ftp + Exploits

    Quote: Originally posted by cPanelTristan
    "It wouldn't be better to use sFTP over TLS with data and command being forced. sFTP allows users access to view / portions of the system outside their /home directory due to how it works. TLS is as secure if not more than sFTP without the inherent security issues and weaknesses that sFTP includes."

    I arrived at a solution suitable for servers with cPanel.

    Background:
    1. When the user logs in via SFTP the authentication runs against their /home/username allowing them to have a ~/.ssh/authorized_keys file.
    2. Once authenticated they are chrooted to /chroot/username.
    3. Then the internal-sftp service is launched, delivering a shell to them in their home directory /home/username within the chroot.

    Their home directory will look the same to them with or without the chroot. The only difference is that if they cd out of their home directory they will see a filesystem that contains nothing else.

    It requires OpenSSH >=4.8, which is not available in the standard repositories with CentOS 5 + cPanel, since it takes advantage of the ChrootDirectory directive.
    CentOS 6 + cPanel servers run an updated version of OpenSSH (>=5.3), so this is perfectly suitable for them.

    Solution tested on a Centos 6 server.

    1. Common steps for all accounts (just once)

    In /etc/ssh/sshd_config change to:
    # Subsystem sftp /usr/libexec/openssh/sftp-server
    Subsystem sftp internal-sftp

    Then append a new section:

    Match Group sftponly
    ChrootDirectory /chroot/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

    2. Script to run once per account.

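    # put the account in the group matched by "Match Group sftponly"
    usermod -G sftponly username
    mkdir -p /chroot/username/home/username
    # the chroot tree is owned by root, readable by the sftponly group
    chown -R root:sftponly /chroot/username
    chmod -R 750 /chroot/username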

    #cosmetic section (displays user-friendly owner and group names in sftp client session)
    mkdir /chroot/username/etc
    chgrp sftponly /chroot/username/etc
    chmod 710 /chroot/username/etc
    getent passwd username > /chroot/username/etc/passwd
    echo "root:x:0:0:falso root:::" >> /chroot/username/etc/passwd
    chmod 644 /chroot/username/etc/passwd
    getent group sftponly > /chroot/username/etc/group
    getent group username >> /chroot/username/etc/group
    chmod 644 /chroot/username/etc/group
    #end cosmetic section

    echo "/home/username/public_html /chroot/username/home/username bind defaults,bind 0 0" >> /etc/fstab
    mount /chroot/username/home/username

    To-do: encapsulate in a bash shellscript with parameter <username>

    Hope you find it interesting.
    Last edited by pnueda; 05-02-2013 at 05:19 AM.
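
The to-do at the end of the post above (wrap the per-account steps in one script that takes a username), as an added example that is not part of the original post. It assumes step 1 is already applied and the sftponly group exists, leaves out the cosmetic section, and the `DRY_RUN` and `FSTAB` variables and all function names are this example's own; unlike the post it calls `usermod` with `-a`.

```shell
#!/bin/sh
# Added example: per-account SFTP chroot setup from the post, as one script.
# Assumes step 1 (sshd_config) is done and the sftponly group already exists.
LC_ALL=C; export LC_ALL
CHROOT_BASE=/chroot              # path used in the post
SFTP_GROUP=sftponly              # group used in the post
FSTAB=${FSTAB:-/etc/fstab}       # overridable (assumption of this example)
DRY_RUN=${DRY_RUN:-1}            # 1 = print commands only, 0 = execute as root

valid_username() {
    # Reject names that could escape /chroot/<user>, look like an option,
    # or smuggle whitespace into the fstab line.
    case "$1" in
        ""|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

fstab_line() {
    # Same bind-mount entry as in the post, with the username filled in.
    printf '%s %s bind defaults,bind 0 0\n' \
        "/home/$1/public_html" "$CHROOT_BASE/$1/home/$1"
}

add_fstab_entry() {
    # Append the entry only if that exact line is not already present.
    line=$(fstab_line "$1")
    grep -qxF -- "$line" "$FSTAB" 2>/dev/null || printf '%s\n' "$line" >> "$FSTAB"
}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

setup_account() {
    u=$1
    valid_username "$u" || { echo "invalid username: $u" >&2; return 2; }
    c=$CHROOT_BASE/$u
    run usermod -a -G "$SFTP_GROUP" "$u" &&  # -a keeps other groups (post: plain -G)
    run mkdir -p "$c/home/$u" &&
    run chown -R "root:$SFTP_GROUP" "$c" &&  # sshd requires a root-owned chroot
    run chmod -R 750 "$c" &&                 # no group/world write on the chroot
    run add_fstab_entry "$u" &&
    run mount "$c/home/$u"
}

if [ $# -gt 0 ]; then setup_account "$1"; fi
```

With `DRY_RUN` left at 1 the script only prints the commands for review; run it as root with `DRY_RUN=0` to apply them.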
