The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Users can ftp into server WITHOUT PASSWORD??

Discussion in 'General Discussion' started by Jedia, Apr 30, 2004.

  1. Jedia

    Jedia Well-Known Member

    Joined:
    Mar 18, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    CN
    Hello.
    i create accounts in WHM ,but today i found users can ftp into server WITHOUT PASSWORDS! thery enter their username and not gave a password can ftp into their dir, what's wrong? but users create other ftp account in Cpanel like : username@domain.com ,this account require password!
    my server running FreeBSD 4.8 + WHM r27
    i edit /usr/local/etc/proftpd.conf this line
    to
    users ftp into server require password, but all other ftp account vars users created like: username@domain.com
    was not working :confused:
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Have you disabled Anonymous FTP? If not, you should under WHM > FTP Configuration
     
  3. Jedia

    Jedia Well-Known Member

    Joined:
    Mar 18, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    CN
    yes, Anonymous Ftp is currently: disabled
    i must change the Group proftpd to Group nogroup ,now.
    waiting for more help.:(
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Do you still have the following line in /etc/proftpd:

    AuthUserFile /etc/proftpd/passwd.vhosts

    If you lok in /etc/proftpd/passwd.vhosts, does each account have an encrypted password?

    You could try adding:

    AuthPAM off

    just after the AuthUserFile directive at the top of /etc/proftpd.conf, then try again with the Group set correctly.

    If all else fails, try running:

    /scripts/proftpd128

    Which should recreate the proftpd setup for you.
     
  5. Jedia

    Jedia Well-Known Member

    Joined:
    Mar 18, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    CN
    Thanks for chirpy, i try that, but could not fix :(
    some accounts in /etc/proftpd/passwd.vhosts
    when i try /scripts/proftpd128
    an error
    my proftpd.conf:
    waiting for help, i think i will be crazy:(
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Well, here's your problem (just taking the first entry in your /etc/proftpd/passwd.vhosts file):
    Code:
    uxaroad::1011:1012:uxaroad:/home/vhost/uxaroad:/usr/local/cpanel/bin/noshell
    
    If you look at this line carefully, you'll see that it is colon :)) separated. The second field in the line is empty :):) that's where the encrypted password is meant to be!

    Have you tried to sync the passwords in WHM? Use the option WHM > Synchronize FTP Passwords
     
  7. Jedia

    Jedia Well-Known Member

    Joined:
    Mar 18, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    CN
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I'm glad you found the cause of the problem :)
     
  9. Dillard

    Dillard Well-Known Member

    Joined:
    Feb 26, 2003
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    The Netherlands
    AARRGH

    Unfortunally two of my servers had this same issue. Glad that I found the information rather soon, but it stressed my out a little, because all my accounts were open for everyone (imagine somebody uploads a 'dirty' php file) and than executes it through a webinterface :-(

    Cpanelboys and girls: Next time something like this happens perhaps it's an idea to mention it in the WHM_news !!!!

    Dillard
     
Loading...

Share This Page