Sudden FTP connection problems

Bruce123

Active Member
Jul 19, 2005
39
1
158
I lease two cpanel servers. (They are not connected in any way, other than they are at the same data center). Starting this morning, when attempting to connect to either server using any of our ftp clients (from any of our several machines), the server returns the message, "501 Sorry, but I won't connect to ports < 1024" and quits as shown in the log extract below.

Connected to xxx.xxx.xxx.xxx port 21
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 3 of 50 allowed.
220-Local time is now 10:20. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
USER [username]
331 User [username] OK. Password required
PASS (hidden)
230-User [username] has group access to: [username]
230 OK. Current restricted directory is /
PWD
257 "/" is your current location
SYST
215 UNIX Type: L8
Host type (S): UNIX (standard)
PORT 192,168,1,102,6,10
501 Sorry, but I won't connect to ports < 1024
! port cmd failed.
! DoDirList failed 0
QUIT
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.

Notice it says we are user number 3. I thought that was weird, so I ran netstat and saw that there were indeed 3 open connections, all 3 were from our originating IPs - the failed attempts I'd guess.

We can connect using sftp, but after a few minutes with an active SFTP connection we're emailed a "Excessive resource usage:" message like this -

Time: Fri Dec 16 10:53:07 2011 -0600
Account: [username]
Resource: Process Time
Exceeded: 1835 > 1800 (seconds)
Executable: /home/virtfs/[username]/usr/libexec/openssh/sftp-server
Command Line: /usr/libexec/openssh/sftp-server
PID: 12410
Killed: No

We were working kinda late last night, with no ftp problems. We have not made any changes to either server, and the folks at the data center say that they haven't either. Any ideas?

Thanks for the help.
 

Infopro

Well-Known Member
May 20, 2003
17,090
517
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter

Bruce123

Active Member
Jul 19, 2005
39
1
158
Thanks, Infopro. I understand about the "Excessive Resource" message from the server. I only included it because we have never seen that message when using sftp before today; its manifestation appears to coincide with the ftp problem. Assuming that the message is an accurate reporting, I don't see how excessive resource usage could result from an sftp connection of an approx. 3 minute duration w/ occasional ULs/DLs of not-very-large files over that period.

Bruce
 

Bruce123

Active Member
Jul 19, 2005
39
1
158
Thanks again. Any idea why our FTP connections are being shut down with "501 Sorry, but I won't connect to ports < 1024"?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Hello,

You can always check the logs for FTP in /var/log/messages and LFD /var/log.lfd.log file locations. If CSF or LFD is blocking you, simply grep for your IP in those logs to see the results:

Code:
grep myIP# /var/log/messages
grep myIP# /var/log/lfd.log
Here replace myIP# with your IP number. You can find your local station's IP using a site like What Is My IP Address - Shows Your IP Address

Thanks!