blocked with too many connections on FTP

[Metro2]

Hi all,

I'm hoping someone might have a clue for me as to what might be going on with a particular customer on one of my dedicated's. I use ConfigServer's CSF/LFD scripts, and this customer keeps getting "blocked with too many connections" when he FTP's in and tries to download his public_html folder to his computer.

Here's an example of an LFD alert I typically receive when he tries to FTP and gets blocked:

Time: Thu Aug 2 16:00:59 2007
IP: xx.xxx.xx.xxx (ppp-xx-xxx-xx-xxx.dsl.hstntx.swbell.net)
Connections: 878
Blocked: temporarily

When I check the lfd.log file all I see for it is this:

Thu Aug 2 16:00:59 2007 lfd: (CT) IP xx.xxx.xx.xxx found to have 878 connections - *Blocked in csf* for 1800 secs

At first I suspected that it might be his FTP client, so I had him try a different one. Same results.

This problem doesn't happen with any other customers.

Is it possible that his computer might be compromised and that maybe some form of malware on his system is creating extra connections when he logs in to FTP? (I have asked him to run some security scans on his system, waiting for results).

Are there other possibilities that anyone here can think of that might cause him to have "800 connections" simply by FTP'ing in to the server and downloading his web site?

Thanks for any opinions / advice, I appreciate it.

[lloyd_tennison]

Just set the number of download threads in his client.

[Metro2]

Thanks for the response lloyd. CuteFTP defaults to only 4 threads but we can try setting it to 1. But still I'm not convinced that's the issue since I have many customers using the same FTP software and settings and none of them encounter this problem. Wouldn't I see this happening to all customers who use the same FTP software and settings as this guy?

[bornonline]

I have seen this too. I set Maxclients in pure-ftp conf to like 8 connections per IP.
Then type
root@server [/etc]# /usr/sbin/pure-config.pl /etc/pure-ftpd.conf
Running: /usr/sbin/pure-ftpd -A -c50 -B -C4 -D -E -fftp -H -I15 -lextauth:/var/run/ftpd.sock -L2000:8 -m

You could try something like this. It has worked for me.

[Fernis]

I have seen this too. I set Maxclients in pure-ftp conf to like 8 connections per IP.
Then type
root@server [/etc]# /usr/sbin/pure-config.pl /etc/pure-ftpd.conf
Running: /usr/sbin/pure-ftpd -A -c50 -B -C4 -D -E -fftp -H -I15 -lextauth:/var/run/ftpd.sock -L2000:8 -m

You could try something like this. It has worked for me.

Would you mind explaining what this does?

[bornonline]

Sets the max FTP(pure-ftp) connections to eight per IP address.

[Fernis]

Sets the max FTP(pure-ftp) connections to eight per IP address.

This would accomplish the same thing as editing the pure-ftpd.conf, such as?

# Maximum number of sim clients with the same IP address

MaxClientsPerIP 8

[bornonline]

Yes, but not until you run "/usr/sbin/pure-config.pl /etc/pure-ftpd.conf" after the change in the conf file. Just changing the conf file did not work for me.

This would accomplish the same thing as editing the pure-ftpd.conf, such as?

# Maximum number of sim clients with the same IP address

MaxClientsPerIP 8

[Fernis]

Would you mind posting or Pming me your pure-ftpd.conf?

[easyhoster1]

Yes, but not until you run "/usr/sbin/pure-config.pl /etc/pure-ftpd.conf" after the change in the conf file. Just changing the conf file did not work for me.

Did you restart the FTP server? You need to restart te server after editing the config.

[Metro2]

Still running into this issue even after checking the settings in pure-ftpd.conf and restarting FTP services in WHM.

Only happens with a few users our of hundreds, but those few are obviously frustrated and wondering why I don't have a fix for them.

Anyone else still have this problem?

[lloyd_tennison]

How many concurrent connections do they have set in their ftp client? I would guess that is the problem, for those few.

[gtgeorge]

I saw this occur on one of my own accounts last year when using Filezilla set at 2 connections. I changed it to 1 and had no more problems. Ask those users which ftp software and the # of concurrent connections they are set to.