pureftpd stopping and re-starting repeatedly

[StoneyCreeker]

Since the last update to 54.0 build 19, pure-ftpd has been stopping and restarting several times a day "ftpd: **[421 50 users (the maximum) are already logged in, sorry ! = 220] : Died.

And then a few minutes later I receive a message that it has recovered and the service "ftpd" is now operational.

The log indicates many bogus attempts to log into ftpd.

This server has been running for years without this problem until the last cpanel update. I have anonymous logins disabled and have only one client besides me that uses sftp to back up data nightly.

Apparently pure-ftp lets hackers log in but doesn't give them access and this causes the ftpd to restart when "Maximum Connections" is reached. Should I increase the number of users?

Maybe a cron job could stop the pure-ftp service and only enable it when my scheduled backups are running?

What would be the syntax of that cron job if that is the only solution?

I would like to block "all but" 3 ip addresses or users but I do not want to switch to proftp.

Thank You!

Here is the last of the log for today:

Mar 21 10:11:08 host pure-ftpd: ([email protected]) [INFO] New connection from 91.233.135.105
Mar 21 10:11:13 host pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [test123]
Mar 21 10:11:15 host pure-ftpd: ([email protected]) [INFO] New connection from 91.233.135.105
Mar 21 10:11:18 host pure-ftpd: ([email protected]) [INFO] Logout.
Mar 21 10:11:20 host pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [upload]
Mar 21 10:11:21 host pure-ftpd: ([email protected]) [INFO] New connection from 91.233.135.105
Mar 21 10:11:22 host pure-ftpd: ([email protected]) [INFO] Logout.
Mar 21 10:11:25 host pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [web]
Mar 21 10:11:26 host pure-ftpd: ([email protected]) [INFO] New connection from 91.233.135.105
Mar 21 10:12:14 host pure-ftpd: ([email protected]) [INFO] New connection from 92.100.212.35
Mar 21 10:12:21 host pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [hidden]
Mar 21 10:12:22 host pure-ftpd: ([email protected]) [INFO] New connection from 92.100.212.35
Mar 21 10:12:27 host pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [test]
Mar 21 10:12:28 host pure-ftpd: ([email protected]) [INFO] New connection from 92.100.212.35
Mar 21 10:12:30 host pure-ftpd: ([email protected]) [INFO] Logout.
Mar 21 10:12:34 host pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [testuser]
Mar 21 10:12:36 host pure-ftpd: ([email protected]) [INFO] New connection from 92.100.212.35
Mar 21 10:12:41 host pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [test1234]
Mar 21 10:12:56 host pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1

 

[StoneyCreeker]

I am using ConfigServer firewall and it is blocking most attempts after 3 failed logins. I get hundreds of emails a day from it showing blocked attempts like this:

Time: Mon Mar 21 10:06:58 2016 -0400
IP: 188.163.110.67 (UA/Ukraine/SOL-FTTB.67.110.163.188.sovam.net.ua)
Failures: 3 (ftpd)
Interval: 3600 seconds
Blocked: Permanent Block

Log entries:

Mar 21 10:06:46 host pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [support]
Mar 21 10:06:51 host pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [public]
Mar 21 10:06:57 host pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [guest]

 

[cPanelMichael]

Hello

You can try adjusting the following values in "WHM >> Service Configuration >> FTP Server Configuration":

Maximum Connections
Maximum Connections Per IP Address

Increasing the maximum connections value, and decreasing the maximum connections per IP address value, might help address this issue.

Thank you.

 

[StoneyCreeker]

I tried that but the situation continues. I just set the FTP server selection to none until I can find a better solution somewhere.
Brute force, but effective. I will have to manually re-enable it for the daily scheduled client data backups.

It sure would be great if someone would come up with a way to block entire countries without driving up the inodes on a VPS.

Is there a way to enable/disable the FTP server selection with a cron job?

Thank you.

 

[StoneyCreeker]

Can I ask a stupid question?

If I have my client use SFTP to backup their data can I set the FTP server selection to none?

I just noticed I can still log into my Root using SmartFTP with SFTP after disabling the FTP server...

How can that be?

I just haven't run into this before.....

 

[cPanelMichael]

If I have my client use SFTP to backup their data can I set the FTP server selection to none?

Yes, SFTP is a different protocol than FTP, so you can disable FTP and still use SFTP. Keep in mind that SFTP does not support virtual accounts at this time, so you must use the cPanel account username and password for individual account access. It's documented at:

How to Configure Your SFTP Client - cPanel Knowledge Base - cPanel Documentation

Thank you.

 

[StoneyCreeker]

That information was key to solving my problem!

I figured out how to access my client's accounts using SFTP with SmartFTP.

I looked into my client's B/U software, SyncBack Pro, and it does support SFTP.
But it needs a SFTP Private Key and Password, and SFTP Server Public Key.

Do you know an easy tutorial on how to set up these keys on my server?

Thank You

 

[cPanelMichael]

But it needs a SFTP Private Key and Password, and SFTP Server Public Key.

You can use the same key that's configured for SSH. The "Private Key" section on the following document explains how to set this up:

How to Configure Your SFTP Client - cPanel Knowledge Base - cPanel Documentation

Note this is for access to the cPanel server via SFTP. If you are attempting to connect to another server via SFTP, then the key must be configured on that remote server.

Thank you.