How do you close anonymous FTP?

[ozzi4648]

I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controller on a per user account bases but howabout when there are no accounts on the box, where is this option set?

Thanks

 

[MrHits]

Log into WHM on port 2087 as such:
https://yourdomainc.om:2087


In the section entitled: Server Setup

you will see a link to: Service Manager


Uncheck the button next to &proftpd&

this will disable FTP on your server.

 

[itf]

[quote:3fcdd6cd35][i:3fcdd6cd35]Originally posted by ozzi4648[/i:3fcdd6cd35]

I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controller on a per user account bases but howabout when there are no accounts on the box, where is this option set?

Thanks[/quote:3fcdd6cd35]
anonymous ftp access to IP addresses which haven't been assigned to an account are disabled by default in Cpanel
It means if you use an IP address for HTTP access and you see &Hey it worked page& you can't login with anonymous user by using that IP

 

[ozzi4648]

[quote:ddf6e7a55b][i:ddf6e7a55b]Originally posted by itf[/i:ddf6e7a55b]

[quote:ddf6e7a55b][i:ddf6e7a55b]Originally posted by ozzi4648[/i:ddf6e7a55b]

I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controller on a per user account bases but howabout when there are no accounts on the box, where is this option set?

Thanks[/quote:ddf6e7a55b]
anonymous ftp access to main-server-ip address is disabled by default in Cpanel[/quote:ddf6e7a55b]

Actually it isn't. If i setup my client anonymous then ftp directly to my ip i get in without a problem. The question is how do you turn this off. This is not right!

 

[ozzi4648]

[quote:655167179b][i:655167179b]Originally posted by MrHits[/i:655167179b]

Log into WHM on port 2087 as such:
https://yourdomainc.om:2087


In the section entitled: Server Setup

you will see a link to: Service Manager


Uncheck the button next to &proftpd&

this will disable FTP on your server.

[/quote:655167179b]

Huh! I dont want to disable FTP across the entire server. Doing this will just CLOSE ftp for everyone!

 

[itf]

[quote:cd2be40272][i:cd2be40272]Originally posted by ozzi4648[/i:cd2be40272]

[quote:cd2be40272][i:cd2be40272]Originally posted by itf[/i:cd2be40272]

[quote:cd2be40272][i:cd2be40272]Originally posted by ozzi4648[/i:cd2be40272]

I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controller on a per user account bases but howabout when there are no accounts on the box, where is this option set?

Thanks[/quote:cd2be40272]
anonymous ftp access to main-server-ip address is disabled by default in Cpanel[/quote:cd2be40272]

Actually it isn't. If i setup my client anonymous then ftp directly to my ip i get in without a problem. The question is how do you turn this off. This is not right![/quote:cd2be40272]
[b:cd2be40272]What I wrote is true but Unfortunately you haven't understood it:
I wrote main server IP address then refined my post to discuss it:[/b:cd2be40272]
[quote:cd2be40272][i:cd2be40272]Originally posted by itf[/i:cd2be40272]
anonymous ftp access to IP addresses which haven't been assigned to an account are disabled by default in Cpanel
It means if you use an IP address for HTTP access and you see &Hey it worked page& you can't login with anonymous user by using that IP[/quote:cd2be40272]

It's clear if you offer anonymous ftp access for an account and if it has an IP address, you can login with anonymous user via that IP address

Also [b:cd2be40272]if you want to disable anonymous ftp access to your server:[/b:cd2be40272]
Find these lines at global section of [b:cd2be40272]/etc/proftpd.conf[/b:cd2be40272] and apply changes as shown in bold text, then restart proftpd:

# A basic anonymous configuration, no upload directories.
&Anonymous ~ftp&
UseFtpUsers on
RequireValidShell off

User ftp
Group ftp
# We want clients to be able to login with &anonymous& as well as &ftp&
[b:cd2be40272]# UserAlias anonymous ftp[/b:cd2be40272]

&Limit LOGIN&
AllowAll
&/Limit&
# Limit the maximum number of anonymous logins
MaxClients 10

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
&Limit WRITE&
DenyAll
&/Limit&

&/Anonymous&

 

[moronhead]

[i:65b52ea361]Originally posted by ozzi4648[/i:65b52ea361]

& I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controlled on a per user account basis but how about when there are no accounts on the box, where is this option set?

Are you trying to stop people uploading files or are you trying to stop them logging in anonymously, or both?

 

[itf]

[quote:c7b3dd915a][i:c7b3dd915a]Originally posted by moronhead[/i:c7b3dd915a]

[i:c7b3dd915a]Originally posted by ozzi4648[/i:c7b3dd915a]

& I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controlled on a per user account basis but how about when there are no accounts on the box, where is this option set?

Are you trying to stop people uploading files or are you trying to stop them logging in anonymously, or both?[/quote:c7b3dd915a]
read the title of his/her post: &How do you close anonymous FTP?&
It is what I answered above
refer to this post : http://forums.cpanel.net/read.php?TID=4954page=1#21406

 

[itf]

duplicate post

 

[ozzi4648]

[quote:20c181a82d][i:20c181a82d]Originally posted by itf[/i:20c181a82d]

[quote:20c181a82d][i:20c181a82d]Originally posted by ozzi4648[/i:20c181a82d]

[quote:20c181a82d][i:20c181a82d]Originally posted by itf[/i:20c181a82d]

[quote:20c181a82d][i:20c181a82d]Originally posted by ozzi4648[/i:20c181a82d]

I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controller on a per user account bases but howabout when there are no accounts on the box, where is this option set?

Thanks[/quote:20c181a82d]
anonymous ftp access to main-server-ip address is disabled by default in Cpanel[/quote:20c181a82d]

Actually it isn't. If i setup my client anonymous then ftp directly to my ip i get in without a problem. The question is how do you turn this off. This is not right![/quote:20c181a82d]
[b:20c181a82d]What I wrote is true but Unfortunately you haven't understood it:
I wrote main server IP address then refined my post to discuss it:[/b:20c181a82d]
[quote:20c181a82d][i:20c181a82d]Originally posted by itf[/i:20c181a82d]
anonymous ftp access to IP addresses which haven't been assigned to an account are disabled by default in Cpanel
It means if you use an IP address for HTTP access and you see &Hey it worked page& you can't login with anonymous user by using that IP[/quote:20c181a82d]

It's clear if you offer anonymous ftp access for an account and if it has an IP address, you can login with anonymous user via that IP address

Also [b:20c181a82d]if you want to disable anonymous ftp access to your entire server:[/b:20c181a82d]
Find these lines at global section of [b:20c181a82d]/etc/proftpd.conf[/b:20c181a82d] and apply changes as shown in bold text, then restart proftpd:

# A basic anonymous configuration, no upload directories.
&Anonymous ~ftp&
UseFtpUsers on
RequireValidShell off

User ftp
Group ftp
# We want clients to be able to login with &anonymous& as well as &ftp&
[b:20c181a82d]# UserAlias anonymous ftp[/b:20c181a82d]

&Limit LOGIN&
AllowAll
&/Limit&
# Limit the maximum number of anonymous logins
MaxClients 10

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
&Limit WRITE&
DenyAll
&/Limit&

&/Anonymous&
[/quote:20c181a82d]

Thanks alot. So howabout when we create user sites, will they still be able to select anon ftp to their sites or was this change a system wide change?

 

[moronhead]

itf, I hope you are checking your theories thoroughly before posting them.

Because if you make the change you've suggested in /etc/proftpd.conf people can still log in to the server IP AND any other anon ftp account on the server with user name: [b:8d0d2a9e69]ftp[/b:8d0d2a9e69] and password: [b:8d0d2a9e69]any_password[/b:8d0d2a9e69].

The only way ozzi4648 will be able to close the loophole, assuming there are no accounts on the server that he wants to have anon ftp, is adding:

ftp

to /etc/ftpusers !

There was a reason why I posed my question to ozzi4648.

 

[itf]

[quote:b04a15c641][i:b04a15c641]Originally posted by ozzi4648[/i:b04a15c641]
Thanks alot. So howabout when we create user sites, will they still be able to select anon ftp to their sites or was this change a system wide change?[/quote:b04a15c641]

If you no longer want anyone has anonymous access you can comment out ftp entries from /etc/proftpd/username & /etc/proftpd/passwd.vhosts

 

[ozzi4648]

I guess you have more flexibility with Cpanel but it does pose a major problem. All i wanted to do was disable these ftp peddlers, who we dont even know, logging in our server by ftp'ing to our ip. Now on our Ensim boxes this is strictly not allowed however when we create the users account we can give them the option to allow anon ftp if they wish. Telnet is another issue however we have already closed this permanetly.

 

[moronhead]

itf, please read my previous post once more.

Because if you take the ftp user out from the password file you can still login anonymously with user name: ftp and password: any_password.

The most secure solution is adding the ftp user to /etc/ftpusers. But that closes all anon ftp logins.

 

[itf]

Norman, you are right it is possible to add ftp in /etc/ftpusers

 

[ozzi4648]

So then i dont understand how you guys are using anon ftp. The last thing i want are people using my server for some warez or porn download site because i left the access open to my server. Also anon ftp should only be available to users who are on a ip based site, not named based. So is there a solution where I as root can close ftp and anonymous and still give my users the option to open it if they wish?

 

[moronhead]

[quote:97090b140a][i:97090b140a]Originally posted by ozzi4648[/i:97090b140a]

So then i dont understand how you guys are using anon ftp. The last thing i want are people using my server for some warez or porn download site because i left the access open to my server. Also anon ftp should only be available to users who are on a ip based site, not named based. So is there a solution where I as root can close ftp and anonymous and still give my users the option to open it if they wish?[/quote:97090b140a]
Can you reply to the question I asked you earlier on? Then we may be able to give you further help.

Also, what directories does your server display when someone anonymously logs in to your server IP? Try to login once as an anonymous user, and then as user: ftp and password: guest. What directories can you see on each login?

 

[ozzi4648]

[quote:e79fdf6000][i:e79fdf6000]Originally posted by moronhead[/i:e79fdf6000]

[i:e79fdf6000]Originally posted by ozzi4648[/i:e79fdf6000]

& I need to stop people from ftp'ing to my servers ip and i cannot find any options in WHM to close this. It can be controlled on a per user account basis but how about when there are no accounts on the box, where is this option set?

Are you trying to stop people uploading files or are you trying to stop them logging in anonymously, or both?[/quote:e79fdf6000]

Im trying to stop, people who dont have accounts on our server, from logging in anonymously. Dont you ever see people from Europe and Asia trying to log into your box? We see this all the time. Yet i want to have the aiblity to give our users the option to allow ftp and anon ftp if they have purchased an account on our system. I hope i answered your quesiton.

 

[itf]

[quote:7987244e7e][i:7987244e7e]Originally posted by ozzi4648[/i:7987244e7e]
Im trying to stop, people who dont have accounts on our server, from logging in anonymously. Dont you ever see people from Europe and Asia trying to log into your box? We see this all the time. Yet i want to have the aiblity to give our users the option to allow ftp and anon ftp if they have purchased an account on our system. I hope i answered your quesiton.[/quote:7987244e7e]
They should not be able to upload,
make sure anonymous block from your global section of /etc/proftpd.conf is like this:

# A basic anonymous configuration, no upload directories.
&Anonymous ~ftp&
UseFtpUsers on
RequireValidShell off

User ftp
Group ftp
# We want clients to be able to login with &anonymous& as well as &ftp&
UserAlias anonymous ftp

&Limit LOGIN&
AllowAll
&/Limit&
# Limit the maximum number of anonymous logins
MaxClients 10

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
&Limit WRITE&
DenyAll
&/Limit&

&/Anonymous&

 

[moronhead]

Let me get this straight. People can log in anonymously to your server IP and can download as well as upload files?