The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

/etc/chkserv.d/ftpd suddenly overwritten?

Discussion in 'General Discussion' started by kpmedia, Apr 29, 2015.

  1. kpmedia

    kpmedia Well-Known Member

    Joined:
    Feb 13, 2011
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA, Europe
    cPanel Access Level:
    Root Administrator
    For some reason, /etc/chkserv.d/ftpd is being overwritten throughout the day. (No, it's not just at the nightly cPanel update!) The custom port is being replaced by the unwanted hacker-beloved default 21. Prior to 2-3 days ago, this was never an issue.

    Further, it's only an issue on a single server, not all servers in use.

    Confounding still, some users can login to FTP, while others cannot.

    Why is this happening?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. Bashed

    Bashed Well-Known Member

    Joined:
    Dec 18, 2013
    Messages:
    78
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Same problem here. Why would disabling the FTP monitor fix this? Curious
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's to see if the file is being overwritten by a hacker, as suspected by the poster, or if it's actually overwritten by Chkservd. Could you elaborate on how you modified the FTP port? The supported method is documented here:

    FTP Configuration Changes

    Also, you should create a hook that copies your custom version of the file back to /etc/chkserv.d/ftpd after each cPanel update. A guide on this is available at:

    Standardized Hook Example

    Thank you.
     
  5. kpmedia

    kpmedia Well-Known Member

    Joined:
    Feb 13, 2011
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA, Europe
    cPanel Access Level:
    Root Administrator
    No. I didn't say that.

    It is indeed cPanel that is overwriting it. Disabling the FTP monitor has nothing to do with this.

    It still happens, from time to time. It's very annoying, a waste of time, and a security issue when it just opens up default ports all on its own.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I researched this topic some more and noticed two additional threads where this issue was reported:

    ChkServd problem
    Trouble Assigning Alternate FTP Port

    There is currently no native support for Chkservd to monitor Pure-FTPd on an alternate port. I suggest opening a feature request for this via:

    Submit A Feature Request

    However, note that Chkservd is only overwriting the port used to check if FTP is running. It doesn't actually modify the FTP configuration itself. Thus, you can still run FTP on a custom port. It's just the monitoring of the service that's not supported.

    Thank you.
     
Loading...

Share This Page