Ben Taylor

Registered
Jun 27, 2019
4
0
1
Swaziland
cPanel Access Level
Root Administrator
I am trying for the last few weeks to simply change my FTP port from 21 to something more secure.

I am using pureftpd on Centos 7.6

I have changed BIND 21 to BIND 2121 then added it into my CSF firewall TCP setting for IN then restarted both services. The error after this is that FTP logs in successfully, but timeout retrieving directory.

Then I found out I need to enable Passive ports. which I found was already enabled. So I used a port number in the range that I found there ie 50000. Add it in CSF, restart both services. But still retrieving directory.

It would seem that every article, tutorial says the same. Simply change BIND port in pureftp config, add to firewall, restart services and its done? but it is not done at all because it does not work.

Why does everything have to be so convoluted and impossible to figure out within two weeks just to change one number to stop getting a brute force attack and an email every minute of every day?
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,862
2,216
363
cPanel Access Level
DataCenter Provider
Twitter
Then I found out I need to enable Passive ports. which I found was already enabled. So I used a port number in the range that I found there ie 50000. Add it in CSF, restart both services. But still retrieving directory.
Hello @Ben Taylor,

You'll need to authorize more than just a single port from the default passive port range. We provide a guide on this at:


Let me know if this helps.

Thank you.
 

Ben Taylor

Registered
Jun 27, 2019
4
0
1
Swaziland
cPanel Access Level
Root Administrator
Hello @Ben Taylor,

You'll need to authorize more than just a single port from the default passive port range. We provide a guide on this at:


Let me know if this helps.

Thank you.
Thanks, but I am not sure what I am supposed to do from that page. The only thing I could see that was relevant for me to run restart force
Code:
/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force
I didn't need to change the port range because it is already there. I just need to change the the port from 21 to 50000.

The file /var/cpanel/conf/pureftpd/local did not exist but what am I supposed to put in there?
ForcePassiveIP: 203.0.113.0??
Hello @Ben Taylor,

You'll need to authorize more than just a single port from the default passive port range. We provide a guide on this at:


Let me know if this helps.

Thank you.
I have followed this the best I can. But my port is still 21. I have literally read every article over the last five years for changing ports for pureftpd and none of them go into how to add more than one for for passive mode.