PROFTPD with CSF

[hazhayder]

I am getting brute force attacked on proftpd anyway to prevent this brute force attack using csf, i have checked in permanant ban in csf but ip is not listed there smtp is secured by this but i want to prevent the brute force attack on proftpd

 

[Richard G]

In csf.conf have you made this setting (and restart csf and lfd afterwards)?

FTPD_LOG = "/var/log/pureftpd-auth.log"

 

[zEitEr]

Hello,

So ProFTPd (as mentioned by the thread author) or PureFTPd (as mentioned Richard)?

Directadmin BFM finds brute-force attacks on ProFTPd fine.

By the way since 5.19 CSF has DA Server Check for proftpd - check whether pureftp=1 in DA config

http://download.configserver.com/csf/changelog.txt

 

[Richard G]

Oeps.... I'm sorry, I copied the line from a server running proftpd, but I had a mistake in my own config of that server. Which I discovered this way.

However, proftpd is not logging to auth.log either. For proftpd the line should be:

FTPD_LOG = "/var/log/secure"

The check of CSF is nice, but it seems not to automatically change the log setting to the correct logfile. On a new CSF installation maybe, I don't now.

 

[zEitEr]

So, by default CSF misses BruteForce attacks on 21 port?

I've never noticed that, as I usually use BFM+CSF and sFTP on a different port without plain 21.

 

[Tootle]

True,
after changing to "/var/log/secure" it works as it should.

I'm switching from fail2ban -> CSF and noticed this issue (CentOS7/CB2/csf v9.24)

 

[Richard G]

So, by default CSF misses BruteForce attacks on 21 port?

Yes, looks that way since it looks in /var/log/messages by default. Seems after 5 years they still have not adjusted this for DA, maybe because also other ftpd's are used and I guess cPanel (where it was initially made for) also uses /var/log/messages.

 

[Active8]

Just check my csf.conf file but its already fixed:

FTPD_LOG = /var/log/secure (restricted UI item)