CSF Check VPS FTP PASV hole

riverdance

Verified User
Joined
Feb 27, 2009
Messages
123
Location
Belgium
Hello,

I'm using CSF, but people can't log in to FTP. I always need to put their IP in the allow list in CSF.
I have the ports open in CSF, but people still can't log in to FTP when I don't put their IP in CSF.

This is my FTP config:

Code:
ServerName		"ProFTPd"
ServerType          	standalone

Port			21
PassivePorts            30000 35000
UseReverseDNS		off
TimesGMT		off
TimeoutLogin		120
TimeoutIdle		600
TimeoutNoTransfer	900
TimeoutStalled		3600

ScoreboardFile			/var/run/proftpd/proftpd.pid

TransferLog		/var/log/proftpd/xferlog.legacy
LogFormat		default "%h %l %u %t \"%r\" %s %b"
LogFormat		auth    "%v [%P] %h %t \"%r\" %s"
LogFormat		write   "%h %l %u %t \"%r\" %s %b"

#DON'T modify this log format.  Its used by DirectAdmin to determine user usage
LogFormat		userlog "%u %b %m %a"
ExtendedLog		/var/log/proftpd/000000000.bytes WRITE,READ userlog

AuthUserFile                    /etc/proftpd.passwd
DefaultServer		on
AuthOrder mod_auth_file.c

#AuthPAM off

<IfModule mod_tls.c>
	TLSEngine on
	TLSLog /var/log/proftpd/proftpd.tls.log
	TLSProtocol SSLv23
	#TLSProtocol TLSv1
	TLSVerifyClient off
	TLSRequired off
	
	#Certificates
	TLSRSACertificateFile /etc/exim.cert
	TLSRSACertificateKeyFile /etc/exim.key
	#TLSCACertificateFile /etc/ftpd/root.cert.pem

	TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
</IfModule>

<Global>
	DeferWelcome		on

	RequireValidShell	no

	DefaultRoot		~
	DirFakeUser on ftp
	DirFakeGroup on ftp

	User			ftp
	Group			ftp
	#UserAlias		anonymous ftp

	AllowStoreRestart	on
	AllowRetrieveRestart	on

	ListOptions		-a

	Umask			022
	DisplayLogin		welcome.msg
	DisplayChdir		readme
	AllowOverwrite		yes
	IdentLookups		off
	ExtendedLog		/var/log/proftpd/access.log WRITE,READ write
	ExtendedLog		/var/log/proftpd/auth.log AUTH auth
	
	#
	# Paranoia logging level....
	#
	#ExtendedLog    /var/log/proftpd/paranoid.log ALL default

	<IfModule mod_tls.c>
		TLSEngine on
		TLSLog /var/log/proftpd/proftpd.tls.log
		TLSRSACertificateFile /etc/exim.cert
		TLSRSACertificateKeyFile /etc/exim.key
	</IfModule>
</Global>

Include /etc/proftpd.vhosts.conf

Can someone post a copy of their FTP config so I can try whether that works?


Thank you
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,791
Location
A Coruña, Spain
This is mine:

Code:
ServerName              "ProFTPd"
ServerType              standalone

Port                    21
PassivePorts            35000 35999
UseReverseDNS           off
TimesGMT                off
TimeoutLogin            120
TimeoutIdle             600
TimeoutNoTransfer       900
TimeoutStalled          3600

ScoreboardFile                  /var/run/proftpd/proftpd.pid

TransferLog             /var/log/proftpd/xferlog.legacy
LogFormat               default "%h %l %u %t \"%r\" %s %b"
LogFormat               auth    "%v [%P] %h %t \"%r\" %s"
LogFormat               write   "%h %l %u %t \"%r\" %s %b"

#DON'T modify this log format.  Its used by DirectAdmin to determine user usage
LogFormat               userlog "%u %b %m"
ExtendedLog             /var/log/proftpd/93.63.209.93.bytes WRITE,READ userlog

AuthUserFile                    /etc/proftpd.passwd
DefaultServer           on
AuthOrder mod_auth_file.c

#AuthPAM off

<IfModule mod_tls.c>
        TLSEngine on
        TLSLog /var/log/proftpd/proftpd.tls.log
        TLSProtocol TLSv1
        TLSVerifyClient off
        TLSRequired off

        #Certificates
        TLSRSACertificateFile /etc/exim.cert
        TLSRSACertificateKeyFile /etc/exim.key
        #TLSCACertificateFile /etc/ftpd/root.cert.pem

        TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
</IfModule>

<Global>
        PassivePorts            35000 35999
        DeferWelcome            on

        RequireValidShell       no

        DefaultRoot             ~
        DirFakeUser on ftp
        DirFakeGroup on ftp

        User                    ftp
        Group                   ftp
        #UserAlias              anonymous ftp

        AllowStoreRestart       on
        AllowRetrieveRestart    on

        ListOptions             -a

        Umask                   022
        DisplayLogin            welcome.msg
        DisplayChdir            readme
        AllowOverwrite          yes
        IdentLookups            off
        ExtendedLog             /var/log/proftpd/access.log WRITE,READ write
        ExtendedLog             /var/log/proftpd/auth.log AUTH auth

        #
        # Paranoia logging level....
        #
        #ExtendedLog    /var/log/proftpd/paranoid.log ALL default

<IfModule mod_clamav.c>
   ClamAV on
   ClamServer localhost
   ClamPort 3310
   ClamMaxSize 5 Mb
</IfModule>


</Global>

Include /etc/proftpd.vhosts.conf

I suppose it is not a ProFTPd issue but a CSF misconfiguration. Be sure to have port 21 in TCP_IN, TCP_OUT, UDP_IN and UDP_OUT in your csf.conf (or set it from the web interface), and restart csf/lfd after editing.

Regards
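
An added example for the situation in this thread (not code from either poster, nor from CSF or ProFTPD): it compares the Port and PassivePorts values in a ProFTPD config with the TCP_IN list in csf.conf and returns the port ranges CSF would not let in. It assumes csf.conf lists are comma-separated with low:high ranges; the sample strings and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs, not taken from a real server.
PROFTPD_CONF = "Port 21\nPassivePorts 35000 35999\n"
CSF_CONF = 'TCP_IN = "20,21,22,25,53,80,110,143,443,35000:35500"\n'


def proftpd_ports(conf):
    """Return (control_port, set of (low, high) PassivePorts ranges)."""
    control, passive = 21, set()
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) == 2 and words[0].lower() == "port":
            control = int(words[1])
        elif len(words) == 3 and words[0].lower() == "passiveports":
            passive.add((int(words[1]), int(words[2])))
    return control, passive


def csf_ranges(conf, key="TCP_IN"):
    """Parse a csf.conf list such as "21,80,30000:35000" into sorted (low, high)."""
    m = re.search(r'^\s*%s\s*=\s*"([^"]*)"' % re.escape(key), conf, re.M)
    items = [p.strip() for p in m.group(1).split(",")] if m else []
    pairs = [p.partition(":") for p in items if p]
    return sorted((int(lo), int(hi or lo)) for lo, _, hi in pairs)


def uncovered(low, high, allowed):
    """Return the sub-ranges of low..high that no allowed range covers."""
    gaps, cur = [], low
    for a, b in allowed:  # allowed must be sorted by start port
        if b < cur or a > high:
            continue
        if a > cur:
            gaps.append((cur, a - 1))
        cur = b + 1
    if cur <= high:
        gaps.append((cur, high))
    return gaps


def audit(proftpd_conf, csf_conf):
    """Map each FTP port range to the parts CSF's TCP_IN does not allow."""
    control, passive = proftpd_ports(proftpd_conf)
    allowed = csf_ranges(csf_conf)
    spans = [(control, control)] + sorted(passive)
    return {"%d-%d" % s: uncovered(s[0], s[1], allowed) for s in spans}
```

Calling audit(PROFTPD_CONF, CSF_CONF) on the constructed sample reports the control port as allowed and 35501-35999 as blocked; an empty list for every range means passive-mode data connections can reach the server without per-IP allow entries.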
 

riverdance

Thank you mate,

Now we need to test it.
So will you try logging in to the FTP so I can see if it works?

It works.
 

riverdance

Thank you Andrea,

It works, I see it in the log file.

Thanks again Andrea

Going to delete the test now
 