The Community Forums


Security Issue: Banging on Anon FTP

Discussion in 'Security' started by Doctor, Jul 14, 2003.

  1. Doctor

    Doctor Well-Known Member

    Joined:
    Apr 26, 2003
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    16
    Guys and girls,

    Last night, my server was bombarded with hundreds of failed ANON FTP login attempts from this source - trifit.ba.psg.sk / 195.80.173.100

    A word of advice - make sure your server's ANON FTP is never enabled.

  2. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Is the public_ftp folder needed if anon ftp is disabled? Can it be deleted?

  3. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sachse, TX
    Agreed. I disabled my anon FTP long ago, both from proftpd and then from pureftpd when I moved over.

  4. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Vancouver, Canada
    Tazmaniac, how do I disable anonymous FTP for PureFTP? :confused:

  5. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sachse, TX
    I had to do it in /etc/sysconfig. I am not sure if it's the same for Red Hat (since I am on Mandrake), but it should be in there.

    /etc/sysconfig/pure-ftpd

    It has a line that you probably need to uncomment (remove the #), and another line that says anonymous only, which you need to comment out:

    # Do not allow anonymous access:
    --noanonymous

    Example first part of that file:
    ==========
    # /etc/sysconfig/pure-ftpd $Revision: 1.13 $
    #
    # This file accompanies the pure-ftpd initscript for redhat based systems.
    # It will be used by /etc/rc.d/init.d/pure-ftpd only. It has no effect
    # whatsoever on servers started from (x)inetd, the commandline or anywhere
    # else.
    #
    # Currently this file and pure-config.pl don't know about each other
    # existance but this may change in future releases.
    #
    # Copy this file to /etc/sysconfig/pure-ftpd and edit it according to your
    # needs. Please see the documentation at http://pureftpd.org/ or
    # pureftpd.sourceforge.net for a complete list of options. There are many
    # more, and probably the one you are looking for actually exists, only was I
    # to lazy to list it here. Also, there are security implications associated
    # with most the options, so if in doubt, read the fine manual.
    # No warranty for anything, you're out on your own, and have been warned!


    # probably a good idea, put everybody but root in a chroot()-jail
    --chrooteveryone

    # Ignore parts of RFC standards in order to deal with some totally
    # broken FTP clients, or broken firewalls/NAT boxes
    --brokenclientscompatibility

    # upper limit on numer of incoming connections
    --maxclientsnumber=50

    # unrestricted access for this group id:
    # --trustedgid=11

    # Do not allow anonymous access:
    --noanonymous

    # Opposite of the above: Allow anonymous access only:
    #--anonymousonly

    # To enforce users having a uid equal or greater than this:
    --minuid=100

    # disallow uploads if partition is filled to this percentage:
    --maxdiskusagepct=90

    # disallow uploads for anonymous users
    --anonymouscantupload

    # disallow anonymous downloads if server load is above this number:
    --maxload=5

    # Don't allow anonymous users to download files owned by "ftp" (generally,
    # files uploaded by other anonymous users) . So that uploads have to be
    # validated by a system administrator (chown to another user) before being
    # available for download.
    # --antiwarez

  6. goodmove

    goodmove Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    Can you remember how you disabled anon ftp from proftpd? :)

  7. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    You can do it within WHM in the Tweak FTP section.

  8. JPmorgan

    JPmorgan BANNED

    Joined:
    Aug 19, 2003
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    The question would be where you want to disable anon FTP. People can anon FTP to your main server's IPs if left open, or users can FTP to their own sites using anon FTP. If your main server IP is being bombarded and you want to stop people from logging in anonymously to your server's IP, you would need to modify /etc/proftpd.conf.

    Find this:

    # We want clients to be able to login with "anonymous" as well as "ftp"
    UserAlias anonymous ftp

    <Limit LOGIN>
    AllowAll
    </Limit>
    # Limit the maximum number of anonymous logins
    MaxClients 10

    Change it to:

    # We want clients to be able to login with "anonymous" as well as "ftp"
    UserAlias anonymous ftp

    <Limit LOGIN>
    # AllowAll
    DenyAll
    </Limit>
    # Limit the maximum number of anonymous logins
    MaxClients 10

    Restart proftpd

    Disabling it from WHM would stop anon FTP to all sites, I would imagine, and maybe that's not really what you want to do, because you want your users to be able to select anon FTP for their own sites if they wish. We make this change to every new server we purchase. We don't want people anon FTPing to our server IP, and this change will stop them.

    #8 JPmorgan, Aug 25, 2003
    Last edited: Aug 25, 2003
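    A small audit script, added here as an example and not code from the thread or from cPanel, that checks both edits described above: the /etc/sysconfig/pure-ftpd options (--noanonymous active, --anonymousonly commented out) from post 5, and the <Limit LOGIN> AllowAll to DenyAll change in /etc/proftpd.conf from post 8. The sample file contents are constructed; feed the functions the real files' contents to audit a server.

```python
import re

# Constructed sample of /etc/sysconfig/pure-ftpd in the state the thread
# recommends: --noanonymous active, --anonymousonly commented out.
PURE_FTPD_SYSCONFIG = """\
# Do not allow anonymous access:
--noanonymous
# Opposite of the above: Allow anonymous access only:
#--anonymousonly
"""

# Constructed sample of the proftpd.conf fragment after the AllowAll -> DenyAll edit.
PROFTPD_CONF = """\
UserAlias anonymous ftp
<Limit LOGIN>
# AllowAll
DenyAll
</Limit>
# Limit the maximum number of anonymous logins
MaxClients 10
"""

def active_options(text):
    """Return the names of every uncommented '--option[=value]' line."""
    opts = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("--"):
            opts.add(line.split("=", 1)[0])
    return opts

def pure_ftpd_anon_disabled(text):
    """True only if --noanonymous is active and --anonymousonly is not."""
    opts = active_options(text)
    return "--noanonymous" in opts and "--anonymousonly" not in opts

def limit_login_blocks(text):
    """Yield the live directives (comments dropped, lower-cased) of each <Limit LOGIN> block."""
    for m in re.finditer(r"<Limit\s+LOGIN>(.*?)</Limit>", text, re.I | re.S):
        lines = (l.strip() for l in m.group(1).splitlines())
        yield [l.lower() for l in lines if l and not l.startswith("#")]

def proftpd_anon_login_denied(text):
    """True if every <Limit LOGIN> block is DenyAll with no live AllowAll.
    Assumes the only <Limit LOGIN> blocks are the anonymous ones (as in the
    thread); no block at all means ProFTPD's default of allowing login."""
    blocks = list(limit_login_blocks(text))
    return bool(blocks) and all(
        "denyall" in b and "allowall" not in b for b in blocks)
```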
  9. goodmove

    goodmove Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    I have found that disabling anon ftp in WHM only disables it for new user accounts. It doesn't disable the existing accounts (if they had anon ftp enabled via the ftp manager).
     
  10. B12Org

    B12Org Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    692
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle Washington
    cPanel Access Level:
    Root Administrator
    Good to know
     
  11. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    What would be the purpose of leaving anon enabled?

    just curious
     
  12. Doctor

    Doctor Well-Known Member

    Joined:
    Apr 26, 2003
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    16
    Only for those who dare to try. ;)
     
  13. DataDork

    DataDork Active Member

    Joined:
    Apr 11, 2003
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    I edited the /etc/proftpd.conf file using pico -w like this:

    <Limit LOGIN>
    # AllowAll
    DenyAll
    </Limit>
    # Limit the maximum number of anonymous logins
    MaxClients 10

    Went to restart and got the following message.

    service proftpd restart
    /sbin/service: line 68: 28018 Hangup env -i LANG=$LANG PATH=$PATH TERM=$TERM "${SERVICEDIR}/${SERVICE}" ${OPTIONS}

    Can anyone explain how to correct this? Thanks in advance.
     
  14. knalb

    knalb Registered
    PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    It's very ghetto, but this is a "fix".

    open up your /etc/init.d/proftpd and find the section that starts with restart, then replace it with this:

    Code:
      restart)
            echo -n "Stopping proftpd: "
            killproc proftpd
            echo
            rm -f /var/lock/subsys/proftpd
            echo -n "Starting proftpd: "
            daemon proftpd -p 0
            echo
            touch /var/lock/subsys/proftpd
            ;;
    
    It's basically just the stop and start sections together. I told you it was ghetto, but it does work.
     