Script getting IP from /var/log/messages file. If your FTP server is not logging FTP transactions, IP will not be discovered.

I have installed the latest version yesterday, but the IP is neither being blocked in CSF nor logged in the log. Also, I modified the script to include the IP address in the email, but the IP address field is blank in the email. How to fix it?

What am I missing?
# /etc/init.d/pure-ftpd restart
Stopping pure-config.pl: cat: /var/run/pure-ftpd/pure-uploadscript.pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
Stopping pure-authd:
Starting pure-config.pl: Running: /usr/sbin/pure-ftpd -O clf:/var/log/xferlog --daemonize -A -c50 -B -C8 -D -E -fftp -H -I15 -lextauth:/var/run/ftpd.sock -L2000:8 -m4 -s -U133:022 -u100 -Oxferlog:/usr/local/apache/domlogs/ftpxferlog -o -k99 -Z -Y1 -JHIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
[ OK ]
Starting pure-authd:
I've been following through this discussion and thought I'd give the script a try on one of our servers.
I ran the installer and followed the instructions at Anti-Gumblar // Protection for IFRAME/Javascript/Gumblar Attacks,
chmodded the clamscan_php file to 755 and restarted pureftp, but I get the error:
What am I missing?

If script is not latest version please update.

Hello,
I have a problem,
I try to upload an iframe; here is the log:
2009.09.09 12:36:57 --- init... File : /home/berek/public_ftp/iframe.php
2009.09.09 12:36:57 --- antivirus scan...
2009.09.09 12:36:57 --- word scan...
2009.09.09 12:36:57 --- wordscan results : .cn:8080/ at line 1 FOUND and file moved to File moved to : /home/quarantine/clamav//iframe.php.20090909123657
2009.09.09 12:36:57 --- /home/berek/public_ftp/iframe.php|.cn:8080/ at line 1|
2009.09.09 12:36:57 --- pass change for user :
2009.09.09 12:36:57 --- kill idle connection...
2009.09.09 12:36:57 --- IDLE Process not found...
2009.09.09 12:36:57 --- block attacker ip...
2009.09.09 12:36:57 --- send mail...
2009.09.09 12:36:57 --- end...
The IP is not blocked in CSF, and when I upload the file the connection is working; the FTP process is not killed.
If somebody has an idea, please share.
Thanks.
If you disabled the shell_exec function in php.ini, please remove shell_exec from the disable_function list...

Hello,
I have located the issue:
if the user has an IP other than the main IP of the server, the script doesn't work.
And shell_exec is needed by the script.
Any solutions for this issue?
Thanks

Do you mean IP blocking is not working for attackers who have a dedicated IP?

Hello Hidonet,
shell_exec is not in the disable_function list.
The script works, but a user that has a dedicated IP is not blocked when uploading virus scripts.
A user who uses the main IP for upload is blocked.
Greats

Restart ftpd from SSH. Restarting with WHM is passing upload script feature.

It doesn't seem to be running for me.
No errors when I restart FTP, but it doesn't scan an EICAR file or a text file with blocked content.
When I restart Pure-FTPd from WHM (I know to restart it from SSH) it shows
Pure-ftpd (/usr/sbin/pure-uploadscript -B -r /var/run/pure-ftpd/clamscan.sh) running as root with PID 16826
Which means something is still calling that file.
Any ideas?

I will do that in script...

Hello,
If you don't want to remove shell_exec from disable_function, edit ftp_clamscan.php and replace the first line with:
#!/var/cpanel/3rdparty/bin/php -d safe_mode="Off" -w -q
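
Added example, not part of any post in this thread and not the Anti-Gumblar script's own code: a way to check by hand whether /var/log/messages holds the uploader's address when the "block attacker ip" step leaves the IP blank. The helper name `upload_client_ip`, the pure-ftpd syslog line shape and all sample values are assumptions; exit status 3 covers the case where the daemon logged a host name instead of a numeric IPv4 address.

```shell
#!/bin/sh
# Added example (not the Anti-Gumblar script's code). Assumed pure-ftpd syslog
# line shape, with constructed values:
#   Sep  9 12:36:57 host pure-ftpd: (berek@203.0.113.7) [NOTICE] /path uploaded (57 bytes, 0.40KB/sec)

# upload_client_ip LOGFILE UPLOADED_PATH   (hypothetical helper name)
# Prints "user ip" for the most recent upload of that path.
# Exit status: 0 found, 1 no upload line, 2 unreadable log, 3 host is not IPv4.
upload_client_ip() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v p="$2" '
        # index() matches literally, so regex characters in the path are harmless
        index($0, "pure-ftpd") && index($0, "[NOTICE] " p " uploaded ") {
            rest = substr($0, index($0, "pure-ftpd"))
            s = index(rest, "("); e = index(rest, ")")
            if (s == 0 || e <= s) next
            who = substr(rest, s + 1, e - s - 1)          # user@host
            n = split(who, part, "@")
            if (n < 2) next
            # virtual FTP users can look like name@domain, so split on the last "@"
            host = part[n]
            user = substr(who, 1, length(who) - length(host) - 1)
            found = 1
        }
        END {
            if (!found) exit 1
            if (host !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                print "logged host is not an IPv4 address: " host > "/dev/stderr"
                exit 3
            }
            print user, host
        }
    ' "$1"
}

# Constructed sample log; the call prints "berek 203.0.113.7".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Sep  9 12:36:50 host pure-ftpd: (?@203.0.113.7) [INFO] New connection from 203.0.113.7
Sep  9 12:36:57 host pure-ftpd: (berek@203.0.113.7) [NOTICE] /home/berek/public_ftp/iframe.php uploaded (57 bytes, 0.40KB/sec)
EOF
upload_client_ip "$sample" /home/berek/public_ftp/iframe.php
rm -f "$sample"
```

On a live server, pass /var/log/messages and the path from the scanner's "init... File :" log line; status 1 means the upload was never logged, which matches the blank IP field described above.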