Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

/etc/chkserv.d/ftpd suddenly overwritten?

Discussion in 'General Discussion' started by kpmedia, Apr 29, 2015.

  1. kpmedia

    kpmedia Well-Known Member

    Joined:
    Feb 13, 2011
    Messages:
    87
    Likes Received:
    1
    Trophy Points:
    56
    Location:
    USA, Europe
    cPanel Access Level:
    Root Administrator
    For some reason, /etc/chkserv.d/ftpd is being overwritten throughout the day. (No, it's not just at the nightly cPanel update!) The custom port is being replaced by the unwanted hacker-beloved default 21. Prior to 2-3 days ago, this was never an issue.

    Further, it's only an issue on a single server, not all servers in use.

    Confounding still, some users can login to FTP, while others cannot.

    Why is this happening?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,214
    Likes Received:
    1,936
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Have you tried disabling monitoring for the FTP service via "WHM Home »Service Configuration » Service Manager"?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Bashed

    Bashed Well-Known Member

    Joined:
    Dec 18, 2013
    Messages:
    113
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Same problem here. Why would disabling the FTP monitor fix this? Curious
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,214
    Likes Received:
    1,936
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    It's to see if the file is being overwritten by a hacker, as suspected by the poster, or if it's actually overwritten by Chkservd. Could you elaborate on how you modified the FTP port? The supported method is documented here:

    FTP Configuration Changes

    Also, you should create a hook that copies your custom version of the file back to /etc/chkserv.d/ftpd after each cPanel update. A guide on this is available at:

    Standardized Hook Example

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. kpmedia

    kpmedia Well-Known Member

    Joined:
    Feb 13, 2011
    Messages:
    87
    Likes Received:
    1
    Trophy Points:
    56
    Location:
    USA, Europe
    cPanel Access Level:
    Root Administrator
    No. I didn't say that.

    It is indeed cPanel that is overwriting it. Disabling the FTP monitor has nothing to do with this.

    It still happens, from time to time. It's very annoying, a waste of time, and a security issue when it just opens up default ports all on its own.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,214
    Likes Received:
    1,936
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    I researched this topic some more and noticed two additional threads where this issue was reported:

    ChkServd problem
    Trouble Assigning Alternate FTP Port

    There is currently no native support for Chkservd to monitor Pure-FTPd on an alternate port. I suggest opening a feature request for this via:

    Submit A Feature Request

    However, note that Chkservd is only overwriting the port used to check if FTP is running. It doesn't actually modify the FTP configuration itself. Thus, you can still run FTP on a custom port. It's just the monitoring of the service that's not supported.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice