Pureftpd or Proftpd?

ditto

From DirectAdmin version 1.37 there has been support for Pureftpd in custombuild: http://www.directadmin.com/features.php?id=1143

I am now considering converting from Proftpd to Pureftpd on my shared hosting servers. However, I see in the link above that Pureftpd is still considered "beta" in custombuild.

How many of you are using Pureftpd, or have converted to Pureftpd? What are the main advantages of using Pureftpd instead of Proftpd? And what are the main disadvantages of using Pureftpd instead of Proftpd?

Are there any real problems, and is Pureftpd simply better in all areas than Proftpd?

Are there any special configurations in Pureftpd that should be changed, or is the default setup by custombuild satisfactory when running shared hosting servers?
 
I've been using the Pure-FTPD server for a while now on multiple machines. The general performance seems to be better, although it also might be wishful thinking from me.
 
I had to replace ProFTPd with PureFTPd on some servers, as ProFTPd caused trouble there and dropped connections. So far PureFTPd is working fine there, and no issue has been discovered.

Nevertheless, on most servers I still use ProFTPd, as I need .ftpaccess to control it.
 
From what I understand now, DirectAdmin uses Pure-FTP as the default FTP server. I see Pro-FTP is on the system but it does not start at boot; Pure-FTP does. This is fine for me but I have a question or two I can't seem to solve.

If Pure-FTP is the default then why does DirectAdmin install Pro-FTP and more importantly should I remove Pro-FTP since it is not being used?

I am interested in using FTP over TLS only. No regular FTP. The problem is I do not know how to make Pure-FTP start with the required options to force TLS.

pure-ftpd --tls=3 is what is needed as an option but how do I make it start with this?
 
You should modify your pureftpd start/stop script (/etc/init.d/pureftpd or /etc/systemd/system/pure-ftpd.service). It has "-Y 1" set by default, so just change it to "-Y 3" and that should be enough :)
 
Amazing. Thanks for this tip.
 
For me, proftpd is way better than pure-ftpd because:

1. There is a configuration file in /etc with proftpd (proftpd.conf). On the other hand, pure-ftp has nothing except the file in init.d.
2. If the SSL certificates of your server are in place at /etc/exim.cert & /etc/exim.key, you don't have anything to set up for FTP over SSL/TLS because proftpd picks up the right SSL certificates right away. COOL!!!! The paths to the certificates are in proftpd.conf.
With proftpd, when I do an "openssl s_client -connect mydomain.com:21 -starttls ftp" against my ftp server, I see the real SSL certificate from my server rather than the default localhost one as it would be for pure-ftpd.

3. I have only one process id with proftpd.
 
Hi all,

I'm also trying to configure pure-ftpd to work with TLS.
I changed -Y 3 in etc/init.d/pure-ftpd as Martynas advised and restarted the service. This looks promising as now FileZilla says the server doesn't accept unsafe connections, but I'm still not able to receive the directory listing, so I guess I'm still missing something.

OPTIONS="-B -A -C 15 -E -H -k 99 -L 10000:8 -O stats:${LOG} -l puredb:${DB} -p 35000:35999 -u 100 -U 133:022 -w -Z"
OPTIONS="${OPTIONS} -Y 3 -J HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3"
 
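A quick check for the -Y change discussed in the posts above, as an added example that is not part of any post or of DirectAdmin/custombuild. It reads a pure-ftpd start script and reports the TLS mode and the passive port range from -p, so the range can be compared against the firewall rules. The function names and both sample files are constructed for illustration, and it assumes the last -Y/--tls value in the file is the one that takes effect.

```shell
#!/bin/sh
# Added example: read the TLS mode (-Y / --tls) and passive range (-p)
# out of a pure-ftpd start script. Assumption: the last -Y value wins.

# Print the last -Y N / --tls=N value outside comments; 0 (TLS off) if none.
tls_mode() {
    mode=$(grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        grep -oE -e '(-Y[[:space:]]*|--tls=)[0-3]' | tail -n 1 |
        grep -oE '[0-3]$') || true
    echo "${mode:-0}"
}

# Map the mode to a verdict; only 3 refuses cleartext on control and data.
tls_verdict() {
    case "$(tls_mode "$1")" in
        3) echo "enforced" ;;
        2) echo "control-only" ;;
        1) echo "optional" ;;
        *) echo "disabled" ;;
    esac
}

# Print the passive port range given with -p first:last, empty if unset.
passive_range() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        grep -oE -e '-p[[:space:]]*[0-9]+:[0-9]+' | tail -n 1 |
        grep -oE '[0-9]+:[0-9]+$' || true
}

# Constructed sample files: "default" uses the -Y 1 setting mentioned in the
# thread, "forced" repeats the OPTIONS lines posted above.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/default" <<'EOF'
OPTIONS="-B -A -C 15 -E -H -k 99 -L 10000:8 -p 35000:35999 -u 100 -w -Z"
OPTIONS="${OPTIONS} -Y 1"
EOF
cat > "$SAMPLE_DIR/forced" <<'EOF'
OPTIONS="-B -A -C 15 -E -H -k 99 -L 10000:8 -O stats:${LOG} -l puredb:${DB} -p 35000:35999 -u 100 -U 133:022 -w -Z"
OPTIONS="${OPTIONS} -Y 3 -J HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3"
EOF

for f in "$SAMPLE_DIR/default" "$SAMPLE_DIR/forced"; do
    printf '%s: tls=%s (%s) passive=%s\n' "${f##*/}" \
        "$(tls_mode "$f")" "$(tls_verdict "$f")" "$(passive_range "$f")"
done
```

To check a live server, call the functions with the start script or unit file path mentioned in the thread instead of the sample files.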
I like to be the devil's advocate :)

Webfoundry, stop suffering for nothing, the only thing you need to do is open
/usr/local/directadmin/custombuild/options.conf
and set ftp=proftpd
save
then
./build proftpd
 
ProFTPd has the most CVE vulnerabilities listed. The high number is most likely an indicator of ProFTPd’s widespread use which makes it a target of hackers.
Looking at my bruteforce monitor ... I like to give priority to safety.

http://www.cvedetails.com/product/20682/Pureftpd-Pure-ftpd.html?vendor_id=2152
http://www.cvedetails.com/product/16873/Proftpd-Proftpd.html?vendor_id=9520
http://www.saintcorporation.com/cgi-bin/demo_tut.pl?tutorial_name=ProFTPD_vulnerabilities.html

In Directadmin 1.48, the proftpd version is ProFTPD Version 1.3.5a,
which solves the various problems according to the last URL.

Plus, it shows that people take care of it. Vulnerability reports aren't bad; they show people are looking into it to make it stronger.
 