Solved Need help about Proftpd's settings

[Dettol]

I hope this message finds you well. For security reasons, I want to configure the FTP settings in my DirectAdmin to allow login only from specified IP addresses. Previously, I added the following lines to /etc/proftpd.conf:

<Limit LOGIN>
# Server IP
Allow from 123.123.123.123

# My IP
Allow from 11.49.22.11

# Everyone else is denied
DenyAll
</Limit>

However, this method resets the /etc/proftpd.conf file after each update, resulting in numerous unauthorized login attempts and brute force attacks.


I would like to ask if there is a way to implement fixed settings in DirectAdmin's ProFTPD that won't be reset or deleted during updates.


Thank you very much for your help!

 

[Richard G]

I don't know if pro-ftpd also can be set to a custom directory to keep the config.
But if not, there are some other solutions.

1.) Set proftpd.conf to immutable as the config seldom changes anyway
2.) Remove port 21 from the firewall TCP_IN and out and from the PORTS_ftpd = "20,21" line on the bottom. Then put both that server ip and the "my ip" in the csf.allow. With this one be aware they won't be checked anymore if the csf.ignore is bounded with the csf.allow file (also an option in the csf.conf). They can not bypass any port.

 

[Dettol]

I don't know if pro-ftpd also can be set to a custom directory to keep the config.
But if not, there are some other solutions.

1.) Set proftpd.conf to immutable as the config seldom changes anyway
2.) Remove port 21 from the firewall TCP_IN and out and from the PORTS_ftpd = "20,21" line on the bottom. Then put both that server ip and the "my ip" in the csf.allow. With this one be aware they won't be checked anymore if the csf.ignore is bounded with the csf.allow file (also an option in the csf.conf). They can not bypass any port.

Thank you so much

 

[zEitEr]

I don't know if pro-ftpd also can be set to a custom directory to keep the config.

it can be

mkdir -p /usr/local/directadmin/custombuild/custom/proftpd/conf/
cd /usr/local/directadmin/custombuild/custom/proftpd/conf/
\cp -fvp /etc/proftpd.conf .

 

[Dettol]

it can be

mkdir -p /usr/local/directadmin/custombuild/custom/proftpd/conf/
cd /usr/local/directadmin/custombuild/custom/proftpd/conf/
\cp -fvp /etc/proftpd.conf .

Thank you! This method is much more straightforward, and I really appreciate it

 

[Richard G]

I wasn't sure but I'm glad to see it is in fact possible to do because indeed that's the best solution.
Thank you @zEitEr!

 

[zEitEr]

More details @Richard G: https://docs.directadmin.com/custombuild/customize-everything.html