The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Resolved] Allow only selected IP addresses access to FTP

Discussion in 'Security' started by shufil, Jul 9, 2014.

  1. shufil

    shufil Well-Known Member

    Joined:
    Mar 19, 2014
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello,

    In our server getting lot of attack to using 21 port , so i need to change ftp port number and connection only allowed selective ip address , how can i do this ?

    Regards,
    Shufil
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Re: Ftp connect only selected ip es

    Please do not post support questions in General Lounge. General Lounge is meant for off-topic conversations that are not about cPanel. This question is related to something that is part of cPanel, so I moved it to a more appropriate section.

    You can restrict access to FTP in the WebHost Manager, in Home » Security Center » Host Access Control. This is documented here:

    http://documentation.cpanel.net/display/ALD/Host+Access+Control

    Note that you must use ProFTPd for this. Pure-FTPd will not respect the rules you set in Host Access Control. You can switch from Pure-FTPd to ProFTPD in Home » Service Configuration » FTP Server Selection.

    Port 21 is the standard FTP port, and FTP clients expect to use it. Because of that, changing the FTP port is generally a bad idea. You can effectively restrict access using Host Access Control. Note that Host Access Control will not prevent an unwanted visitor from making a connection, but it will prevent it from logging in.

    Another option is to configure the iptables firewall on your server to block the unwanted IP addresses. cPanel does not provide a firewall configuration tool, so you may want to install a third-party tool like CSF or APF if you have not done so already. Information about those tools is available on their respective sites:

    ConfigServer Security & Firewall
    https://www.rfxn.com/projects/advanced-policy-firewall/
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    You could do this easily with CSF, no need to change the port number

    Just close port 21 in csf.conf, then whitelist any IP addresses that need FTP access.
     
  4. shufil

    shufil Well-Known Member

    Joined:
    Mar 19, 2014
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Thanks for information .

    Regards,
    Shufil
     
  5. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    You are most welcome.
     
Loading...

Share This Page