Hi all,
We have CSF installed on the cPanel server - Now we have a user who tries and connects via FTP and everytime they do, they can't make a successful connection and I've had a look at the logs and it shows the following:
It shows them logging in and straight after they get the following:
Apr 25 15:28:08 webhost kernel: Firewall: *TCP_IN Blocked* IN=ens160 OUT= MAC=00:50:56:04:8d:c1:c0:62:6b:e3:5c:80:08:00 SRC=60.228.XX.XX DST=5.135.174.2 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=31089 DF PROTO=TCP SPT=53396 DPT=52838 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 25 15:28:11 webhost kernel: Firewall: *TCP_IN Blocked* IN=ens160 OUT= MAC=00:50:56:04:8d:c1:c0:62:6b:e3:5c:80:08:00 SRC=60.228.XX.XX DST=5.135.174.2 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=31090 DF PROTO=TCP SPT=53396 DPT=52838 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 25 15:28:17 webhost kernel: Firewall: *TCP_IN Blocked* IN=ens160 OUT= MAC=00:50:56:04:8d:c1:c0:62:6b:e3:5c:80:08:00 SRC=60.228.XX.XX DST=5.135.174.2 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=31091 DF PROTO=TCP SPT=53396 DPT=52838 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 25 15:48:08 webhost pure-ftpd: ([email protected]@60.228.XXX.XXX) [INFO] Timeout
Apart from allowing their IP on the "allowed list" which most likely will allow them connect - Is there any config changes we can do, so we don't have to keep putting people onto the allow list for them to make successful FTP connections.
Cheers,
We have CSF installed on the cPanel server - Now we have a user who tries and connects via FTP and everytime they do, they can't make a successful connection and I've had a look at the logs and it shows the following:
It shows them logging in and straight after they get the following:
Apr 25 15:28:08 webhost kernel: Firewall: *TCP_IN Blocked* IN=ens160 OUT= MAC=00:50:56:04:8d:c1:c0:62:6b:e3:5c:80:08:00 SRC=60.228.XX.XX DST=5.135.174.2 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=31089 DF PROTO=TCP SPT=53396 DPT=52838 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 25 15:28:11 webhost kernel: Firewall: *TCP_IN Blocked* IN=ens160 OUT= MAC=00:50:56:04:8d:c1:c0:62:6b:e3:5c:80:08:00 SRC=60.228.XX.XX DST=5.135.174.2 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=31090 DF PROTO=TCP SPT=53396 DPT=52838 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 25 15:28:17 webhost kernel: Firewall: *TCP_IN Blocked* IN=ens160 OUT= MAC=00:50:56:04:8d:c1:c0:62:6b:e3:5c:80:08:00 SRC=60.228.XX.XX DST=5.135.174.2 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=31091 DF PROTO=TCP SPT=53396 DPT=52838 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 25 15:48:08 webhost pure-ftpd: ([email protected]@60.228.XXX.XXX) [INFO] Timeout
Apart from allowing their IP on the "allowed list" which most likely will allow them connect - Is there any config changes we can do, so we don't have to keep putting people onto the allow list for them to make successful FTP connections.
Cheers,
