Security issue Pure FTP anonymous

jdilegge

Member
Dec 17, 2010
Boston, Ma
The first thing I do when I set up a server is disable anonymous ftp. However, this time I disabled it and anonymous ftp was still available. So, I disabled ftp altogether. Well, I could still telnet to pureftp. So, I had to block ports 20:21 in iptables in order to patch this because some douche in Amsterdam uploaded new .htaccess files to 3 of my sites using anonymous ftp. This was a brand new box with the most current stable version of cPanel.

Please get this fixed, cPanel, because I lost some of my long time faith in cPanel.

I recommend anyone to use this iptables rule until this issue is repaired:


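# ACCEPT goes first: iptables stops at the first matching rule, so a DROP appended before it would also block your own IP.
# Note that the 20:22 range also covers SSH (port 22).
iptables -A INPUT -s YOUR_IP_ADDRESS_HERE -p tcp --dport 20:22 -j ACCEPT;
iptables -A INPUT -p tcp --dport 20:22 -j DROP;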
 

JeffP.

Well-Known Member
Sep 28, 2010
Hi jdilegge,

When you said that FTP was disabled, though you could still access it, can you please clarify the steps taken to attempt to disable it? For example, did you log into WHM as root, click "Service Manager", then uncheck both boxes on the line that says "ftpd"?


Can you also please run this command?

Code:
$ grep ^NoAnonymous /etc/pure-ftpd.conf
If anonymous FTP is disabled, you should see the following:

Code:
NoAnonymous yes
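
A stricter version of the grep check above, as an added example (not from either poster or from cPanel): it ignores commented-out lines and flags duplicate or unrecognised values. The function name `noanonymous_state` is hypothetical, and the file format (one `Key value` pair per line, `#` comments, a missing directive counted as "not disabled") is an assumption.

```shell
#!/bin/sh
# Added example: report the effective NoAnonymous setting in a Pure-FTPd
# style config file. Prints one word and returns 0 only for "disabled".
#   disabled  - exactly "NoAnonymous yes" is active
#   enabled   - "NoAnonymous no" is active
#   unset     - no active NoAnonymous line (assumed: anonymous not disabled)
#   ambiguous - conflicting duplicates or an unrecognised value
noanonymous_state() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    # Strip comments, then collect every distinct active value.
    values=$(sed -e 's/#.*//' "$conf" |
        awk '$1 == "NoAnonymous" { print ($2 == "" ? "?" : $2) }' | sort -u)
    case "$values" in
        yes) echo "disabled";  return 0 ;;
        no)  echo "enabled";   return 1 ;;
        "")  echo "unset";     return 1 ;;
        *)   echo "ambiguous"; return 1 ;;
    esac
}

# Constructed sample (not a real server's config): the commented-out
# "yes" must not count, so the active "no" decides the result.
sample=$(mktemp)
printf '%s\n' '# NoAnonymous yes' 'NoAnonymous no   # template default' > "$sample"
noanonymous_state "$sample" || true   # prints: enabled
rm -f "$sample"
```

A "disabled" result only describes the file on disk; the first post reports the service still accepting anonymous logins, so the running daemon needs to be checked as well.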