The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Port scanning detected while donig ftp

Discussion in 'Security' started by sparktino, Nov 9, 2012.

  1. sparktino

    sparktino Member

    Joined:
    May 10, 2009
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    One of our client's ips are keep getting blocked while doing ftp through an ftp client by CSF+LFD. It is giving the following reason

    *Port Scan* detected from ip

    I have read in CSF forum that It's the way FTP works: Data connections use a consecutive range of ports in a round-robin style. Once the range is exhausted, it starts from the beginning. Transferring many small files fast does result in using many ports one after another. So this is the reason for Port scanning.

    Currently I whitelisted the ip from which they making ftp connection and also ignored the ip in LFD checks.

    But I need a permanent solution so that this behaviour never occurs while clients do FTP. Is there any settings that can be made on the FTP server to prevent this behaviour?. I am currently using pure-ftpd.

    I have also read in CSF forum that using Active FTP instead of Passive FTP can fix things. Can anybody please help me in this issue.

    Regards
    Tino
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,449
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I know a faster way. For example, upload one compressed file with 1000's of images in seconds to a "workroom" directory outside of public_html, in your browser you've already got cPanel File Manager open. Navigate to this temp workroom directory and click extract, top of File Manager. Then go drag/drop/copy them to wherever you need them.

    I know that's not the answer you're looking for here, but it's what I tell anyone who has the need to open up more than 50 connections to my server to add some new images to their web gallery etc. You whitelisting them is allowing them to saturate your entire server connection I would think, depending on how many connections that user opens. This is why there are restrictions like that.

    What happens when you get two or more users uploading many small files at one time? Your website doesn't open until at least one of them is done. I'd find out what FTP client the user is working with, and instruct them how to tweak its settings for normal operations if it was me.
     
  3. sparktino

    sparktino Member

    Joined:
    May 10, 2009
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Infopro,

    Thanks for the update.
    This is a dedicated server to the client. So we do not mind opening up more than 50 connections. Can this be done in pure-ftpd.conf?. Will this fix the issue ?

    Regards
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,449
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Assuming that your server is setup to use Pure-FTPD:
    Home » Service Configuration » FTP Server Selection

    ...an easy way to go might be to adjust the settings for it, here I think:
    Home » Service Configuration » FTP Server Configuration

    You'll probably need to edit your CSF settings as well. Whatever you do, remove that user from the bypass list first thing too!

    HTH! :)
     
  5. sparktino

    sparktino Member

    Joined:
    May 10, 2009
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Infopro,

    Thank you for the help.
    But increasing the maximum number of connections per ip will address the port scannig issue?
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,449
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    That setting will allow more connections to the server. Your firewall will need to be tweaked as well. You might start here:

    And here:

    And/or, here:
    http://www.configserver.com/free/csf/readme.txt
     
  7. sparktino

    sparktino Member

    Joined:
    May 10, 2009
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Thank you Infopro for your help.

    One last question. If you do not mind can you please tell me what tweak one should do when he uses a ftp client like Filezilla in such a situation.

    Regards
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,449
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
Loading...

Share This Page