How do you close anonymous FTP?

[itf]

[quote:716e84b90f][i:716e84b90f]Originally posted by Juanra[/i:716e84b90f]

[quote:716e84b90f][i:716e84b90f]Originally posted by mikerayner[/i:716e84b90f]
Also it is impossible to login with anonymous (not anonymous@domain.com) on our main shared IP without what you suggested too.[/quote:716e84b90f]

Oops, you're right... I used to have the same problem as ozzi4648, anonymous FTP led to / and I didn't like that so that's why I always change 'allow all' to 'deny all'.

ozzi4648, what does this yield on your server:
# grep &ftp:\*& /etc/proftpd/passwd.vhosts[/quote:716e84b90f]

If one of you send your root password to me I'll fix it up.

[ozzi4648]

[quote:12cef3cdbe][i:12cef3cdbe]Originally posted by mikerayner[/i:12cef3cdbe]

[quote:12cef3cdbe][i:12cef3cdbe]Originally posted by Juanra[/i:12cef3cdbe]

What I do is changing the top-level anonymous block in proftpd.conf; changes are in bold:

# A basic anonymous configuration, no upload directories.
&Anonymous ~ftp&
UseFtpUsers on
RequireValidShell off

User ftp
Group ftp
# We want clients to be able to login with &anonymous& as well as &ftp&
UserAlias anonymous ftp

&Limit LOGIN&
[b:12cef3cdbe]#AllowAll[/b:12cef3cdbe]
[b:12cef3cdbe]DenyAll[/b:12cef3cdbe]
&/Limit&
# Limit the maximum number of anonymous logins
MaxClients 10
MaxClientsPerHost 1

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
&Limit WRITE&
DenyAll
&/Limit&

&/Anonymous&

[/quote:12cef3cdbe]
Juanra,
it causes no anonymous for all of users? doesn't it?
I want just disable anonymous access (both ftp and anonymous) for some of users who have name based account, and used what itf wrote (method 2), it works fine http://forums.cpanel.net/read.php?TID=4954&page=3#21445[/quote:12cef3cdbe]

mikerayner, you solution works great. It will not allow ftp or anonymous to our ip and still allows our users to anon ftp or ftp to their user accounts without any problems. Finally! The entire thread was starting to get very confusing. THANKS YOU EVERYONE!

[mikerayner]

[quote:e04bba8b3d][i:e04bba8b3d]Originally posted by ozzi4648[/i:e04bba8b3d]
it causes no anonymous for all of users? doesn't it?
I want just disable anonymous access (both ftp and anonymous) for some of users who have name based account, and used what itf wrote (method 2), it works fine http://forums.cpanel.net/read.php?TID=4954&page=3#21445[/quote:e04bba8b3d]

mikerayner, you solution works great. It will not allow ftp or anonymous to our ip and still allows our users to anon ftp or ftp to their user accounts without any problems. Finally! The entire thread was starting to get very confusing. THANKS YOU EVERYONE![/quote]
ozzi4648,

It was not my solution [b:e04bba8b3d]ITF[/b:e04bba8b3d], wrote that in: -click on the link-http://forums.cpanel.net/read.php?TID=4954&page=3#21445 (page 3 of this thread)

I just used it, it works great thanks ITF

[moronhead]

I've lost track of this thread. What's the solution you guys have ultimately decided on? (without referring to another post)

Norman

[mikerayner]

[quote:286d2e2938][i:286d2e2938]Originally posted by moronhead[/i:286d2e2938]

I've lost track of this thread. What's the solution you guys have ultimately decided on? (without referring to another post)

Norman[/quote:286d2e2938]
[b:286d2e2938]I wrote above; click on this link
http://forums.cpanel.net/read.php?TID=4954&page=3#21445

Solutions are located at page 3 of this thread, written by ITF[/b:286d2e2938]

[quote:286d2e2938][i:286d2e2938]Originally posted by itf[/i:286d2e2938]

[b:286d2e2938]Disabling both ftp and anonymous FTP users[/b:286d2e2938] (for a group of customers)

Cpanel handles Anonymous access permission in Cpanel -& Account Settings -& Anonymous FTP controls by chmoding /home/user/public_ftp directory
This way it grants or denies Anonymous access permissions.

But if you would like to disable accessing your server anonymously by either “[b:286d2e2938]anonymous[/b:286d2e2938]” user or “[b:286d2e2938]ftp[/b:286d2e2938]” user

[b:286d2e2938]Method 1)[/b:286d2e2938]
You can
Comment out ftp entry in /etc/proftpd/username
and
Comment out ftp@domain.com and anonymous@domain.com in /etc/proftpd/passwd.vhosts

[b:286d2e2938]Method 2) Recommended Method[/b:286d2e2938]
You can also change the directory /home/user/public_ftp attribute chattr +i and chmod -x it then that user has not anonymous access
(this method is better because Cpanel will not overwrite your setting)

Then anonymous users ( ftp and anonymous) for that domain do not work (can not login), it doesn’t matter it is an IP based or a name based account.

* for IP based accounts you can also modify /etc/proftpd.conf too

ozzi4648,
you can disable both ftp and anonymous users this way and it is not necessary to modify /etc/proftpd.conf file also if user tries to enable anonymous access via Cpanel he/she has no luck[/quote:286d2e2938]

[moronhead]

That's true. Itf's 2nd method will do the job of stopping name-based anons.

You can get the same result without changing the ownership by doing this:

chmod 0 ~username/public_ftp
chattr +i ~username/public_ftp

To re-grant anon privileges to the client, reverse the above:

chattr -i ~username/public_ftp
chmod 750 ~username/public_ftp


Coming back to ozzi4648, his original question was about stopping people accessing his server IP anonymously. The quickest way to achieve that is, as I explained earlier in this thread, adding this line:

ftp

to /etc/ftpusers file. I believe that's what he's done.

Norman

[ozzi4648]

[quote:e677060c92][i:e677060c92]Originally posted by itf[/i:e677060c92]

[quote:e677060c92][i:e677060c92]Originally posted by Juanra[/i:e677060c92]

[quote:e677060c92][i:e677060c92]Originally posted by mikerayner[/i:e677060c92]
Also it is impossible to login with anonymous (not anonymous@domain.com) on our main shared IP without what you suggested too.[/quote:e677060c92]

Oops, you're right... I used to have the same problem as ozzi4648, anonymous FTP led to / and I didn't like that so that's why I always change 'allow all' to 'deny all'.

ozzi4648, what does this yield on your server:
# grep &ftp:\*& /etc/proftpd/passwd.vhosts[/quote:e677060c92]

If one of you send your root password to me I'll fix it up. [/quote:e677060c92]

Thanks for you help, hopefully i can give back a little. I mentioned that we run 22 additonal boxes. Those are all Ensim or Plesk servers. We are branching out to Cpanel now. We want to give our users a variety of different CP's to choose from. In either case you can visit my tutorial site. It deals mostly with installing different kinds of software thats Ensim specific, however software like phpPgAdmin and Chkrootkit is not specific to Ensim and may be installed on virtually any Linux server. We have many many people visting our site daily. Mostly Ensim newbies. You can find the link to the Linux Tutorial Network at http://linux.cvf.net . Click on LINUX at the top of the page. You will find my tutorials by scrolling down the page. Thanks for you help. I hope somebody can find something useful on The Linux Tutorial Network. I will probably modify the site at a later date to include tutorials on how to install software on a Cpanel box.

-AuZ

[mikerayner]

[quote:95ed71878f][i:95ed71878f]Originally posted by moronhead[/i:95ed71878f]

That's true. Itf's 2nd method will do the job of stopping name-based anons.

You can get the same result without changing the ownership by doing this:

chmod 0 ~username/public_ftp
chattr +i ~username/public_ftp

To re-grant anon privileges to the client, reverse the above:

chattr -i ~username/public_ftp
chmod 750 ~username/public_ftp


Coming back to ozzi4648, his original question was about stopping people accessing his server IP anonymously. The quickest way to achieve that is, as I explained earlier in this thread, adding this line:

ftp

to /etc/ftpusers file. I believe that's what he's done.

Norman[/quote:95ed71878f]
Moronhead,

thank you Moronhead, but putting ftp in /etc/ftpusers will block ftp user to access ftp which results in immediate blocking anonymous ftp for the entire system that is not our goal, also I read what you wrote in this thread before

We want to block anonymous ftp for some parts of users who have name based account and are in Starter kit plan , and blocking those who have abused anonymous ftp and the methods that ITF, wrote in page 3 of this thread are useful in this case, I used both methods and both worked, and think method 1 could be implemented by Nick in WHM to offer anonymous ftp service on a user per user basis. (click on this link to go to ITF's post http://forums.cpanel.net/read.php?TID=4954&page=3#21445 )

Again thanks ITF and Moronhead for your helps


[quote:95ed71878f][i:95ed71878f]Originally posted by ozzi4648 [/i:95ed71878f]
Thanks for you help, hopefully i can give back a little. I mentioned that we run 22 additonal boxes. Those are all Ensim or Plesk servers. We are branching out to Cpanel now. We want to give our users a variety of different CP's to choose from. In either case you can visit my tutorial site. It deals mostly with installing different kinds of software thats Ensim specific, however software like phpPgAdmin and Chkrootkit is not specific to Ensim and may be installed on virtually any Linux server. We have many many people visting our site daily. Mostly Ensim newbies. You can find the link to the Linux Tutorial Network at ...... . Click on LINUX at the top of the page. You will find my tutorials by scrolling down the page. Thanks for you help. I hope somebody can find something useful on The Linux Tutorial Network. I will probably modify the site at a later date to include tutorials on how to install software on a Cpanel box.

-AuZ
[/quote:95ed71878f]ozzi4648,
I think we are here to get solutions on our problems not for propaganda, I'm sure ITF and Moronhead do not need your Tutorials, as they are experts.
click on their profiles.

[moronhead]

[quote:eac48ba4c9][i:eac48ba4c9]Originally posted by mikerayner[/i:eac48ba4c9]

[quote:eac48ba4c9][i:eac48ba4c9]Originally posted by moronhead[/i:eac48ba4c9]

That's true. Itf's 2nd method will do the job of stopping name-based anons.

You can get the same result without changing the ownership by doing this:

chmod 0 ~username/public_ftp
chattr +i ~username/public_ftp

To re-grant anon privileges to the client, reverse the above:

chattr -i ~username/public_ftp
chmod 750 ~username/public_ftp


Coming back to ozzi4648, his original question was about stopping people accessing his server IP anonymously. The quickest way to achieve that is, as I explained earlier in this thread, adding this line:

ftp

to /etc/ftpusers file. I believe that's what he's done.

Norman[/quote:eac48ba4c9]
Moronhead,

thank you Moronhead, but putting ftp in /etc/ftpusers will block ftp user to access ftp which results in immediate blocking anonymous ftp for the entire system that is not our goal, also I read what you wrote in this thread before

We want to block anonymous ftp for some parts of users who have name based account and are in Starter kit plan , and blocking those who have abused anonymous ftp and the methods that ITF, wrote in page 3 of this thread are useful in this case, I used both methods and both worked, and think method 1 could be implemented by Nick in WHM to offer anonymous ftp service on a user per user basis. (click on this link to go to ITF's post http://forums.cpanel.net/read.php?TID=4954&page=3#21445 )

Again thanks ITF and Moronhead for your helps.
[/quote:eac48ba4c9]
& method 1 could be implemented by Nick in WHM to offer anonymous ftp service on a user per user basis.

I agree!

& ... putting ftp in will block ftp user to access ftp which results in immediate blocking anonymous ftp for the entire system that is not our goal

That isn't entirely correct. Adding ftp to /etc/ftpusers blocks anonymous access to IP-based hosts. It doesn't block anon ftp for name-based hosts.

[mikerayner]

[quote:ecda43b051][i:ecda43b051]Originally posted by moronhead[/i:ecda43b051]
[quote:ecda43b051][i:ecda43b051]Originally posted by mikerayner[/i:ecda43b051]
Moronhead,

thank you Moronhead, but putting ftp in /etc/ftpusers will block ftp user to access ftp which results in immediate blocking anonymous ftp for the entire system that is not our goal, also I read what you wrote in this thread before

We want to block anonymous ftp for some parts of users who have name based account and are in Starter kit plan , and blocking those who have abused anonymous ftp and the methods that ITF, wrote in page 3 of this thread are useful in this case, I used both methods and both worked, and think method 1 could be implemented by Nick in WHM to offer anonymous ftp service on a user per user basis. (click on this link to go to ITF's post http://forums.cpanel.net/read.php?TID=4954&page=3#21445 )

Again thanks ITF and Moronhead for your helps.
[/quote:ecda43b051]
& method 1 could be implemented by Nick in WHM to offer anonymous ftp service on a user per user basis.

I agree!

& ... putting ftp in will block ftp user to access ftp which results in immediate blocking anonymous ftp for the entire system that is not our goal

That isn't entirely correct. Adding ftp to /etc/ftpusers blocks anonymous access to IP-based hosts. It doesn't block anon ftp for name-based hosts. [/quote:ecda43b051]
&That isn't entirely correct. Adding ftp to /etc/ftpusers blocks anonymous access to IP-based hosts. It doesn't block anon ftp for name-based hosts.

However, we don't want to block anonymous access to all of IP-based accounts we want to offer anonymous ftp service on a user per user basis (without interrupting enable disable anonymous in Cpanel -theme- by users who have been granted for anonymous ftp access) and used ITF's Method 2 and it works ; but I believe that we have to submit a feature request and ask to implement method 1 by Nick in WHM

Thanks a lot

[moronhead]

The /etc/ftpusers solution was in reply to the question asked at the beginning of this thread (1st post). That handles that requirement: blocking access to the server IP when there are no other accounts on the server to worry about.