The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How do you close anonymous FTP?

Discussion in 'General Discussion' started by ozzi4648, Sep 30, 2002.

  1. ozzi4648

    ozzi4648 Guest

    I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controller on a per user account bases but howabout when there are no accounts on the box, where is this option set?

    Thanks
     
  2. MrHits

    MrHits Well-Known Member

    Joined:
    Oct 31, 2001
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    Log into WHM on port 2087 as such:
    https://yourdomainc.om:2087


    In the section entitled: Server Setup

    you will see a link to: Service Manager


    Uncheck the button next to &proftpd&

    this will disable FTP on your server.
     
  3. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [quote:3fcdd6cd35][i:3fcdd6cd35]Originally posted by ozzi4648[/i:3fcdd6cd35]

    I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controller on a per user account bases but howabout when there are no accounts on the box, where is this option set?

    Thanks[/quote:3fcdd6cd35]
    anonymous ftp access to IP addresses which haven't been assigned to an account are disabled by default in Cpanel
    It means if you use an IP address for HTTP access and you see &Hey it worked page& you can't login with anonymous user by using that IP
     
  4. ozzi4648

    ozzi4648 Guest

    [quote:ddf6e7a55b][i:ddf6e7a55b]Originally posted by itf[/i:ddf6e7a55b]

    [quote:ddf6e7a55b][i:ddf6e7a55b]Originally posted by ozzi4648[/i:ddf6e7a55b]

    I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controller on a per user account bases but howabout when there are no accounts on the box, where is this option set?

    Thanks[/quote:ddf6e7a55b]
    anonymous ftp access to main-server-ip address is disabled by default in Cpanel[/quote:ddf6e7a55b]

    Actually it isn't. If i setup my client anonymous then ftp directly to my ip i get in without a problem. The question is how do you turn this off. This is not right!
     
  5. ozzi4648

    ozzi4648 Guest

    [quote:655167179b][i:655167179b]Originally posted by MrHits[/i:655167179b]

    Log into WHM on port 2087 as such:
    https://yourdomainc.om:2087


    In the section entitled: Server Setup

    you will see a link to: Service Manager


    Uncheck the button next to &proftpd&

    this will disable FTP on your server.

    [/quote:655167179b]

    Huh! I dont want to disable FTP across the entire server. Doing this will just CLOSE ftp for everyone!
     
  6. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [quote:cd2be40272][i:cd2be40272]Originally posted by ozzi4648[/i:cd2be40272]

    [quote:cd2be40272][i:cd2be40272]Originally posted by itf[/i:cd2be40272]

    [quote:cd2be40272][i:cd2be40272]Originally posted by ozzi4648[/i:cd2be40272]

    I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controller on a per user account bases but howabout when there are no accounts on the box, where is this option set?

    Thanks[/quote:cd2be40272]
    anonymous ftp access to main-server-ip address is disabled by default in Cpanel[/quote:cd2be40272]

    Actually it isn't. If i setup my client anonymous then ftp directly to my ip i get in without a problem. The question is how do you turn this off. This is not right![/quote:cd2be40272]
    [b:cd2be40272]What I wrote is true but Unfortunately you haven't understood it:
    I wrote main server IP address then refined my post to discuss it:[/b:cd2be40272]
    [quote:cd2be40272][i:cd2be40272]Originally posted by itf[/i:cd2be40272]
    anonymous ftp access to IP addresses which haven't been assigned to an account are disabled by default in Cpanel
    It means if you use an IP address for HTTP access and you see &Hey it worked page& you can't login with anonymous user by using that IP[/quote:cd2be40272]

    It's clear if you offer anonymous ftp access for an account and if it has an IP address, you can login with anonymous user via that IP address

    Also [b:cd2be40272]if you want to disable anonymous ftp access to your server:[/b:cd2be40272]
    Find these lines at global section of [b:cd2be40272]/etc/proftpd.conf[/b:cd2be40272] and apply changes as shown in bold text, then restart proftpd:

    # A basic anonymous configuration, no upload directories.
    &Anonymous ~ftp&
    UseFtpUsers on
    RequireValidShell off

    User ftp
    Group ftp
    # We want clients to be able to login with &anonymous& as well as &ftp&
    [b:cd2be40272]# UserAlias anonymous ftp[/b:cd2be40272]

    &Limit LOGIN&
    AllowAll
    &/Limit&
    # Limit the maximum number of anonymous logins
    MaxClients 10

    # We want 'welcome.msg' displayed at login, and '.message' displayed
    # in each newly chdired directory.
    DisplayLogin welcome.msg
    DisplayFirstChdir .message

    # Limit WRITE everywhere in the anonymous chroot
    &Limit WRITE&
    DenyAll
    &/Limit&

    &/Anonymous&
     
  7. moronhead

    moronhead Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    16
    [i:65b52ea361]Originally posted by ozzi4648[/i:65b52ea361]

    & I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controlled on a per user account basis but how about when there are no accounts on the box, where is this option set?

    Are you trying to stop people uploading files or are you trying to stop them logging in anonymously, or both?
     
  8. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [quote:c7b3dd915a][i:c7b3dd915a]Originally posted by moronhead[/i:c7b3dd915a]

    [i:c7b3dd915a]Originally posted by ozzi4648[/i:c7b3dd915a]

    & I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controlled on a per user account basis but how about when there are no accounts on the box, where is this option set?

    Are you trying to stop people uploading files or are you trying to stop them logging in anonymously, or both?[/quote:c7b3dd915a]
    read the title of his/her post: &How do you close anonymous FTP?&
    It is what I answered above
    refer to this post : http://forums.cpanel.net/read.php?TID=4954page=1#21406
     
  9. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    duplicate post
     
  10. ozzi4648

    ozzi4648 Guest

    [quote:20c181a82d][i:20c181a82d]Originally posted by itf[/i:20c181a82d]

    [quote:20c181a82d][i:20c181a82d]Originally posted by ozzi4648[/i:20c181a82d]

    [quote:20c181a82d][i:20c181a82d]Originally posted by itf[/i:20c181a82d]

    [quote:20c181a82d][i:20c181a82d]Originally posted by ozzi4648[/i:20c181a82d]

    I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controller on a per user account bases but howabout when there are no accounts on the box, where is this option set?

    Thanks[/quote:20c181a82d]
    anonymous ftp access to main-server-ip address is disabled by default in Cpanel[/quote:20c181a82d]

    Actually it isn't. If i setup my client anonymous then ftp directly to my ip i get in without a problem. The question is how do you turn this off. This is not right![/quote:20c181a82d]
    [b:20c181a82d]What I wrote is true but Unfortunately you haven't understood it:
    I wrote main server IP address then refined my post to discuss it:[/b:20c181a82d]
    [quote:20c181a82d][i:20c181a82d]Originally posted by itf[/i:20c181a82d]
    anonymous ftp access to IP addresses which haven't been assigned to an account are disabled by default in Cpanel
    It means if you use an IP address for HTTP access and you see &Hey it worked page& you can't login with anonymous user by using that IP[/quote:20c181a82d]

    It's clear if you offer anonymous ftp access for an account and if it has an IP address, you can login with anonymous user via that IP address

    Also [b:20c181a82d]if you want to disable anonymous ftp access to your entire server:[/b:20c181a82d]
    Find these lines at global section of [b:20c181a82d]/etc/proftpd.conf[/b:20c181a82d] and apply changes as shown in bold text, then restart proftpd:

    # A basic anonymous configuration, no upload directories.
    &Anonymous ~ftp&
    UseFtpUsers on
    RequireValidShell off

    User ftp
    Group ftp
    # We want clients to be able to login with &anonymous& as well as &ftp&
    [b:20c181a82d]# UserAlias anonymous ftp[/b:20c181a82d]

    &Limit LOGIN&
    AllowAll
    &/Limit&
    # Limit the maximum number of anonymous logins
    MaxClients 10

    # We want 'welcome.msg' displayed at login, and '.message' displayed
    # in each newly chdired directory.
    DisplayLogin welcome.msg
    DisplayFirstChdir .message

    # Limit WRITE everywhere in the anonymous chroot
    &Limit WRITE&
    DenyAll
    &/Limit&

    &/Anonymous&
    [/quote:20c181a82d]

    Thanks alot. So howabout when we create user sites, will they still be able to select anon ftp to their sites or was this change a system wide change?
     
  11. moronhead

    moronhead Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    16
    itf, I hope you are checking your theories thoroughly before posting them. ;)

    Because if you make the change you've suggested in /etc/proftpd.conf people can still log in to the server IP AND any other anon ftp account on the server with user name: [b:8d0d2a9e69]ftp[/b:8d0d2a9e69] and password: [b:8d0d2a9e69]any_password[/b:8d0d2a9e69].

    The only way ozzi4648 will be able to close the loophole, assuming there are no accounts on the server that he wants to have anon ftp, is adding:

    ftp

    to /etc/ftpusers !

    There was a reason why I posed my question to ozzi4648. :)
     
  12. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [quote:b04a15c641][i:b04a15c641]Originally posted by ozzi4648[/i:b04a15c641]
    Thanks alot. So howabout when we create user sites, will they still be able to select anon ftp to their sites or was this change a system wide change?[/quote:b04a15c641]

    If you no longer want anyone has anonymous access you can comment out ftp entries from /etc/proftpd/username & /etc/proftpd/passwd.vhosts
     
  13. ozzi4648

    ozzi4648 Guest

    I guess you have more flexibility with Cpanel but it does pose a major problem. All i wanted to do was disable these ftp peddlers, who we dont even know, logging in our server by ftp'ing to our ip. Now on our Ensim boxes this is strictly not allowed however when we create the users account we can give them the option to allow anon ftp if they wish. Telnet is another issue however we have already closed this permanetly.
     
  14. moronhead

    moronhead Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    16
    itf, please read my previous post once more.

    Because if you take the ftp user out from the password file you can still login anonymously with user name: ftp and password: any_password.

    The most secure solution is adding the ftp user to /etc/ftpusers. But that closes all anon ftp logins.
     
  15. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    Norman, you are right it is possible to add ftp in /etc/ftpusers
     
  16. ozzi4648

    ozzi4648 Guest

    So then i dont understand how you guys are using anon ftp. The last thing i want are people using my server for some warez or porn download site because i left the access open to my server. Also anon ftp should only be available to users who are on a ip based site, not named based. So is there a solution where I as root can close ftp and anonymous and still give my users the option to open it if they wish?
     
  17. moronhead

    moronhead Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    16
    [quote:97090b140a][i:97090b140a]Originally posted by ozzi4648[/i:97090b140a]

    So then i dont understand how you guys are using anon ftp. The last thing i want are people using my server for some warez or porn download site because i left the access open to my server. Also anon ftp should only be available to users who are on a ip based site, not named based. So is there a solution where I as root can close ftp and anonymous and still give my users the option to open it if they wish?[/quote:97090b140a]
    Can you reply to the question I asked you earlier on? Then we may be able to give you further help.

    Also, what directories does your server display when someone anonymously logs in to your server IP? Try to login once as an anonymous user, and then as user: ftp and password: guest. What directories can you see on each login?
     
  18. ozzi4648

    ozzi4648 Guest

    [quote:e79fdf6000][i:e79fdf6000]Originally posted by moronhead[/i:e79fdf6000]

    [i:e79fdf6000]Originally posted by ozzi4648[/i:e79fdf6000]

    & I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controlled on a per user account basis but how about when there are no accounts on the box, where is this option set?

    Are you trying to stop people uploading files or are you trying to stop them logging in anonymously, or both?[/quote:e79fdf6000]

    Im trying to stop, people who dont have accounts on our server, from logging in anonymously. Dont you ever see people from Europe and Asia trying to log into your box? We see this all the time. Yet i want to have the aiblity to give our users the option to allow ftp and anon ftp if they have purchased an account on our system. I hope i answered your quesiton.
     
  19. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [quote:7987244e7e][i:7987244e7e]Originally posted by ozzi4648[/i:7987244e7e]
    Im trying to stop, people who dont have accounts on our server, from logging in anonymously. Dont you ever see people from Europe and Asia trying to log into your box? We see this all the time. Yet i want to have the aiblity to give our users the option to allow ftp and anon ftp if they have purchased an account on our system. I hope i answered your quesiton.[/quote:7987244e7e]
    They should not be able to upload,
    make sure anonymous block from your global section of /etc/proftpd.conf is like this:

    # A basic anonymous configuration, no upload directories.
    &Anonymous ~ftp&
    UseFtpUsers on
    RequireValidShell off

    User ftp
    Group ftp
    # We want clients to be able to login with &anonymous& as well as &ftp&
    UserAlias anonymous ftp

    &Limit LOGIN&
    AllowAll
    &/Limit&
    # Limit the maximum number of anonymous logins
    MaxClients 10

    # We want 'welcome.msg' displayed at login, and '.message' displayed
    # in each newly chdired directory.
    DisplayLogin welcome.msg
    DisplayFirstChdir .message

    # Limit WRITE everywhere in the anonymous chroot
    &Limit WRITE&
    DenyAll
    &/Limit&

    &/Anonymous&
     
  20. moronhead

    moronhead Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    16
    Let me get this straight. People can log in anonymously to your server IP and can download as well as upload files?
     
Loading...

Share This Page