Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Host Access Control

Discussion in 'Security' started by keat63, Feb 7, 2017.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    885
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I have a dynamic IP at home which of course occasionally changes.
    Today, Host access control allowed me to login to FTP, even though my IP isn't white listed.

    The last entry in HAC is ALL ALL deny

    How did this happen??

    Successful Login as “user-acc" from an Unknown Network
    Domain: mydomain.com
    Service: pure-ftpd
    Local IP Address: xxx.xxx.xxx.xxx
    Local Port:
    21
    Remote IP Address: x.xx.xx.xx
    Authentication Database: system
    Username: user-acc
    Known Network †: No ⚠
     
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    885
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    885
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    So I toyed with my FTP server selection last night, and now I remember why I switched from proftp to Pure-ftp.

    Proftp is constantly echoing to var/log/messages.
    Feb 8 11:25:53 proftpd[17111]: xxx.xxx.xxx.xx (127.0.0.1[127.0.0.1]) - FTP session opened.
    Feb 8 11:25:53 proftpd[17111]: xxx.xxx.xxx.xx (127.0.0.1[127.0.0.1]) - FTP session closed.

    I switched to Pure-ftp to stop this from happening.




    So now I'm in a catch 22, unless someone can inform otherwise.

    Is there a way to supress these messages for Proftp, or is there a method to utilse HostAccessControl when using Pure-FTP
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Pure-FTP does not support TCP wrappers, and thus won't work with the /etc/hosts.allow file on the system ("WHM >> Host Access Control" is simply a UI for this system file). Do you utilize a firewall management utility such as CSF? If so, a common workaround is to close port 21 in the CSF configuration, and then whitelist the IP addresses that require FTP access.

    Thank you.
     
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    885
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I never thought of that
     
Loading...

Share This Page