
Security issue Pure FTP anonymous

Discussion in 'Security' started by jdilegge, May 6, 2011.

  1. jdilegge

    The first thing I do when I set up a server is disable anonymous FTP. However, this time I disabled it and anonymous FTP was still available. So, I disabled FTP altogether. Well, I could still telnet to pureftp. So, I had to block ports 20:21 in iptables in order to patch this because some douche in Amsterdam uploaded new .htaccess files to 3 of my sites using anonymous FTP. This was a brand new box with the most current stable version of cPanel.

    Please get this fixed, cPanel, because I lost some of my long time faith in cPanel.

    I recommend anyone to use this iptables rule until this issue is repaired:


     
  2. JeffP.

    Hi jdilegge,

    When you said that FTP was disabled, though you could still access it, can you please clarify the steps taken to attempt to disable it? For example, did you log into WHM as root, click "Service Manager", then uncheck both boxes on the line that says "ftpd"?


    Can you also please run this command?

    Code:
    $ grep ^NoAnonymous /etc/pure-ftpd.conf
    If anonymous FTP is disabled, you should see the following:

    Code:
    NoAnonymous yes
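
A fuller version of the check requested above, as an added example that is not part of the original thread or cPanel's own tooling: it ignores commented-out lines, tolerates extra whitespace, and flags a file that sets the same directive to both values. The function names are hypothetical, `AnonymousCantUpload` is a pure-ftpd.conf directive the thread does not mention, and reporting duplicate conflicting lines as "ambiguous" is this example's assumption rather than documented pure-ftpd behaviour.

```shell
#!/bin/sh
# Added example: audit the anonymous-access settings in a pure-ftpd.conf.

# directive_state FILE KEY
# Prints how FILE sets the yes/no directive KEY:
#   yes | no | unset | ambiguous | unreadable
directive_state() {
    _conf=$1
    _key=$2
    [ -r "$_conf" ] || { echo unreadable; return 2; }
    # Collect the distinct values found on uncommented lines for this key.
    _vals=$(awk -v k="$_key" '
        /^[ \t]*#/ { next }                 # skip commented-out directives
        $1 == k    { print tolower($2) }
    ' "$_conf" | sort -u)
    case $_vals in
        "")  echo unset ;;
        yes) echo yes ;;
        no)  echo no ;;
        *)   echo ambiguous ;;              # both values, or an unexpected one
    esac
}

# audit_anonymous [FILE]
# Prints a one-line summary and succeeds only when anonymous login is
# explicitly and unambiguously disabled.
audit_anonymous() {
    _file=${1:-/etc/pure-ftpd.conf}
    _anon=$(directive_state "$_file" NoAnonymous)
    _upload=$(directive_state "$_file" AnonymousCantUpload)
    echo "NoAnonymous=$_anon AnonymousCantUpload=$_upload"
    [ "$_anon" = yes ]
}
```

Running `audit_anonymous` with no argument checks `/etc/pure-ftpd.conf`; a non-zero exit status means the file does not clearly disable anonymous login. It reads only the configuration file, so it does not show whether the running daemon was restarted with that setting.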
     