Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Security issue Pure FTP anonymous

Discussion in 'Security' started by jdilegge, May 6, 2011.

  1. jdilegge

    jdilegge Member

    Dec 17, 2010
    Likes Received:
    Trophy Points:
    Boston, Ma
    The first thing I do when i setup a server is diable anonymous ftp. However, this time I disabled and anonymous ftp was still available. So, I disabled ftp all together. Well, I could still telnet to pureftp. So, I had to block ports 20:21 in iptables in order to patch this because some douche in Amsterdam uploaded new .htaccess files to 3 of my sites using anonymous ftp. This was a brand new box with the most current stable version of cpanel.

    Please get this fixed, cpanel, because I lost some of my long time faith in cPanel.

    I recommend anyone to use this iptables rule until this issue is repaired:

  2. JeffP.

    JeffP. Well-Known Member

    Sep 28, 2010
    Likes Received:
    Trophy Points:
    Hi jdilegge,

    When you said that FTP was disabled, though you could still access it, can you please clarify the steps taken to attempt to disable it? For example, did you log into WHM as root, click "Service Manager", then uncheck both boxes on the line that says "ftpd"?

    Can you also please run this command?

    $ grep ^NoAnonymous /etc/pure-ftpd.conf
    If anonymous FTP is disabled, you should see the following:

    NoAnonymous yes

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice