The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

pureftpd stopping and re-starting repeatedly

Discussion in 'General Discussion' started by StoneyCreeker, Mar 21, 2016.

  1. StoneyCreeker

    StoneyCreeker Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    50
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Upper-East TN
    cPanel Access Level:
    Root Administrator
    Since the last update to 54.0 build 19, pure-ftpd has been stopping and restarting several times a day "ftpd: **[421 50 users (the maximum) are already logged in, sorry ! = 220] : Died.

    And then a few minutes later I receive a message that it has recovered and the service "ftpd" is now operational.

    The log indicates many bogus attempts to log into ftpd.

    This server has been running for years without this problem until the last cpanel update. I have anonymous logins disabled and have only one client besides me that uses sftp to back up data nightly.

    Apparently pure-ftp lets hackers log in but doesn't give them access and this causes the ftpd to restart when "Maximum Connections" is reached. Should I increase the number of users?

    Maybe a cron job could stop the pure-ftp service and only enable it when my scheduled backups are running?

    What would be the syntax of that cron job if that is the only solution?

    I would like to block "all but" 3 ip addresses or users but I do not want to switch to proftp.

    Thank You!

    Here is the last of the log for today:

    Code:
    Mar 21 10:11:08 host pure-ftpd: (?@91.233.135.105) [INFO] New connection from 91.233.135.105
    Mar 21 10:11:13 host pure-ftpd: (?@91.233.135.105) [WARNING] Authentication failed for user [test123]
    Mar 21 10:11:15 host pure-ftpd: (?@91.233.135.105) [INFO] New connection from 91.233.135.105
    Mar 21 10:11:18 host pure-ftpd: (?@91.233.135.105) [INFO] Logout.
    Mar 21 10:11:20 host pure-ftpd: (?@91.233.135.105) [WARNING] Authentication failed for user [upload]
    Mar 21 10:11:21 host pure-ftpd: (?@91.233.135.105) [INFO] New connection from 91.233.135.105
    Mar 21 10:11:22 host pure-ftpd: (?@91.233.135.105) [INFO] Logout.
    Mar 21 10:11:25 host pure-ftpd: (?@91.233.135.105) [WARNING] Authentication failed for user [web]
    Mar 21 10:11:26 host pure-ftpd: (?@91.233.135.105) [INFO] New connection from 91.233.135.105
    Mar 21 10:12:14 host pure-ftpd: (?@92.100.212.35) [INFO] New connection from 92.100.212.35
    Mar 21 10:12:21 host pure-ftpd: (?@92.100.212.35) [WARNING] Authentication failed for user [hidden]
    Mar 21 10:12:22 host pure-ftpd: (?@92.100.212.35) [INFO] New connection from 92.100.212.35
    Mar 21 10:12:27 host pure-ftpd: (?@92.100.212.35) [WARNING] Authentication failed for user [test]
    Mar 21 10:12:28 host pure-ftpd: (?@92.100.212.35) [INFO] New connection from 92.100.212.35
    Mar 21 10:12:30 host pure-ftpd: (?@92.100.212.35) [INFO] Logout.
    Mar 21 10:12:34 host pure-ftpd: (?@92.100.212.35) [WARNING] Authentication failed for user [testuser]
    Mar 21 10:12:36 host pure-ftpd: (?@92.100.212.35) [INFO] New connection from 92.100.212.35
    Mar 21 10:12:41 host pure-ftpd: (?@92.100.212.35) [WARNING] Authentication failed for user [test1234]
    Mar 21 10:12:56 host pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
     
  2. StoneyCreeker

    StoneyCreeker Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    50
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Upper-East TN
    cPanel Access Level:
    Root Administrator
    I am using ConfigServer firewall and it is blocking most attempts after 3 failed logins. I get hundreds of emails a day from it showing blocked attempts like this:

    Time: Mon Mar 21 10:06:58 2016 -0400
    IP: 188.163.110.67 (UA/Ukraine/SOL-FTTB.67.110.163.188.sovam.net.ua)
    Failures: 3 (ftpd)
    Interval: 3600 seconds
    Blocked: Permanent Block

    Log entries:

    Mar 21 10:06:46 host pure-ftpd: (?@188.163.110.67) [WARNING] Authentication failed for user [support]
    Mar 21 10:06:51 host pure-ftpd: (?@188.163.110.67) [WARNING] Authentication failed for user [public]
    Mar 21 10:06:57 host pure-ftpd: (?@188.163.110.67) [WARNING] Authentication failed for user [guest]
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can try adjusting the following values in "WHM >> Service Configuration >> FTP Server Configuration":

    Maximum Connections
    Maximum Connections Per IP Address


    Increasing the maximum connections value, and decreasing the maximum connections per IP address value, might help address this issue.

    Thank you.
     
  4. StoneyCreeker

    StoneyCreeker Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    50
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Upper-East TN
    cPanel Access Level:
    Root Administrator
    I tried that but the situation continues. I just set the FTP server selection to none until I can find a better solution somewhere.
    Brute force, but effective. I will have to manually re-enable it for the daily scheduled client data backups. :(

    It sure would be great if someone would come up with a way to block entire countries without driving up the inodes on a VPS.

    Is there a way to enable/disable the FTP server selection with a cron job?

    Thank you.
     
  5. StoneyCreeker

    StoneyCreeker Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    50
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Upper-East TN
    cPanel Access Level:
    Root Administrator
    Can I ask a stupid question?

    If I have my client use SFTP to backup their data can I set the FTP server selection to none?

    I just noticed I can still log into my Root using SmartFTP with SFTP after disabling the FTP server...

    How can that be?

    I just haven't run into this before.....
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, SFTP is a different protocol than FTP, so you can disable FTP and still use SFTP. Keep in mind that SFTP does not support virtual accounts at this time, so you must use the cPanel account username and password for individual account access. It's documented at:

    How to Configure Your SFTP Client - cPanel Knowledge Base - cPanel Documentation

    Thank you.
     
    StoneyCreeker likes this.
  7. StoneyCreeker

    StoneyCreeker Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    50
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Upper-East TN
    cPanel Access Level:
    Root Administrator
    That information was key to solving my problem!

    I figured out how to access my client's accounts using SFTP with SmartFTP.

    I looked into my client's B/U software, SyncBack Pro, and it does support SFTP.
    But it needs a SFTP Private Key and Password, and SFTP Server Public Key.

    Do you know an easy tutorial on how to set up these keys on my server?

    Thank You
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You can use the same key that's configured for SSH. The "Private Key" section on the following document explains how to set this up:

    How to Configure Your SFTP Client - cPanel Knowledge Base - cPanel Documentation

    Note this is for access to the cPanel server via SFTP. If you are attempting to connect to another server via SFTP, then the key must be configured on that remote server.

    Thank you.
     
    StoneyCreeker likes this.
Loading...

Share This Page