/etc/chkserv.d/ftpd suddenly overwritten?

kpmedia

Well-Known Member
Feb 13, 2011
87
1
58
USA, Europe
cPanel Access Level
Root Administrator
For some reason, /etc/chkserv.d/ftpd is being overwritten throughout the day. (No, it's not just at the nightly cPanel update!) The custom port is being replaced by the unwanted hacker-beloved default 21. Prior to 2-3 days ago, this was never an issue.

Further, it's only an issue on a single server, not all servers in use.

Confounding still, some users can log in to FTP, while others cannot.

Why is this happening?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello,

Have you tried disabling monitoring for the FTP service via "WHM Home » Service Configuration » Service Manager"?

Thank you.
 

cPanelMichael

> Same problem here. Why would disabling the FTP monitor fix this? Curious

Hello :)

It's to see if the file is being overwritten by a hacker, as suspected by the poster, or if it's actually overwritten by Chkservd. Could you elaborate on how you modified the FTP port? The supported method is documented here:

FTP Configuration Changes

Also, you should create a hook that copies your custom version of the file back to /etc/chkserv.d/ftpd after each cPanel update. A guide on this is available at:

Standardized Hook Example

Thank you.
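
A sketch of the restore step such a hook could run, as an added example that is not part of the original post and not cPanel's own code. The known-good copy path is a hypothetical placeholder, and registering the script as a hook is left to the linked guide.

```shell
#!/bin/sh
# Added example: restore a known-good copy of a chkservd service file
# when the live file has drifted from it.
# Assumption: the admin keeps the customised file at a path of their
# choosing, e.g. /root/chkserv.d-ftpd.custom (hypothetical).

# restore_if_drifted LIVE GOOD
# Returns 0 if LIVE already matches GOOD, 1 if LIVE was restored,
# 2 if GOOD is missing or the restore failed.
restore_if_drifted() {
    live=$1
    good=$2
    if [ ! -r "$good" ]; then
        echo "known-good copy $good is missing" >&2
        return 2
    fi
    if [ -f "$live" ] && cmp -s "$live" "$good"; then
        return 0
    fi
    # Log when the drift was seen and what changed, so the overwrite
    # can be correlated with update or monitoring activity.
    echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) drift in $live" >&2
    if [ -f "$live" ]; then
        diff -u "$good" "$live" >&2 || true
    fi
    # Plain copy over the live file: no temp file is created inside
    # the service directory, and the live file keeps its mode.
    if cp -f "$good" "$live"; then
        return 1
    fi
    return 2
}

# Run as: script.sh /etc/chkserv.d/ftpd /root/chkserv.d-ftpd.custom
if [ "$#" -eq 2 ]; then
    restore_if_drifted "$1" "$2"
    exit $?
fi
```

The return code distinguishes "nothing to do" from "restored", which makes it easy to count how often the file is being overwritten.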
 

kpmedia

> is being overwritten by a hacker, as suspected by the poster

No. I didn't say that.

It is indeed cPanel that is overwriting it. Disabling the FTP monitor has nothing to do with this.

It still happens, from time to time. It's very annoying, a waste of time, and a security issue when it just opens up default ports all on its own.
 

cPanelMichael

Hello :)

I researched this topic some more and noticed two additional threads where this issue was reported:

ChkServd problem
Trouble Assigning Alternate FTP Port

There is currently no native support for Chkservd to monitor Pure-FTPd on an alternate port. I suggest opening a feature request for this via:

Submit A Feature Request

However, note that Chkservd is only overwriting the port used to check if FTP is running. It doesn't actually modify the FTP configuration itself. Thus, you can still run FTP on a custom port. It's just the monitoring of the service that's not supported.

Thank you.