PROFTPD with CSF

hazhayder

Verified User
Joined
Oct 26, 2014
Messages
10
I am getting brute force attacked on proftpd anyway to prevent this brute force attack using csf, i have checked in permanant ban in csf but ip is not listed there smtp is secured by this but i want to prevent the brute force attack on proftpd
 
In csf.conf have you made this setting (and restart csf and lfd afterwards)?
Code:
FTPD_LOG = "/var/log/pureftpd-auth.log"
 
Hello,

So ProFTPd (as mentioned by the thread author) or PureFTPd (as mentioned Richard)?

Directadmin BFM finds brute-force attacks on ProFTPd fine.

By the way since 5.19 CSF has DA Server Check for proftpd - check whether pureftp=1 in DA config

http://download.configserver.com/csf/changelog.txt
 
Oeps.... I'm sorry, I copied the line from a server running proftpd, but I had a mistake in my own config of that server. Which I discovered this way.:)

However, proftpd is not logging to auth.log either. For proftpd the line should be:
Code:
FTPD_LOG = "/var/log/secure"

The check of CSF is nice, but it seems not to automatically change the log setting to the correct logfile. On a new CSF installation maybe, I don't now.
 
  • Like
Reactions: Kal
So, by default CSF misses BruteForce attacks on 21 port?

I've never noticed that, as I usually use BFM+CSF and sFTP on a different port without plain 21.
 
True,
after changing to "/var/log/secure" it works as it should.

I'm switching from fail2ban -> CSF and noticed this issue (CentOS7/CB2/csf v9.24)
 
So, by default CSF misses BruteForce attacks on 21 port?
Yes, looks that way since it looks in /var/log/messages by default. Seems after 5 years they still have not adjusted this for DA, maybe because also other ftpd's are used and I guess cPanel (where it was initially made for) also uses /var/log/messages.
 
Just check my csf.conf file but its already fixed:

FTPD_LOG = /var/log/secure (restricted UI item)
 
Back
Top