PROFTPD with CSF

hazhayder

Verified User
Joined
Oct 26, 2014
Messages
10
I am getting brute force attacked on proftpd. Is there any way to prevent this brute force attack using csf? I have checked the permanent ban list in csf, but the IP is not listed there. SMTP is secured by this, but I want to prevent the brute force attack on proftpd.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,287
Location
Maastricht
In csf.conf have you made this setting (and restart csf and lfd afterwards)?
Code:
FTPD_LOG = "/var/log/pureftpd-auth.log"
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Hello,

So ProFTPd (as mentioned by the thread author) or PureFTPd (as mentioned by Richard)?

Directadmin BFM finds brute-force attacks on ProFTPd fine.

By the way, since 5.19 CSF has a DA Server Check for proftpd - check whether pureftp=1 in the DA config

http://download.configserver.com/csf/changelog.txt
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,287
Location
Maastricht
Oops.... I'm sorry, I copied the line from a server running proftpd, but I had a mistake in my own config of that server, which I discovered this way. :)

However, proftpd is not logging to auth.log either. For proftpd the line should be:
Code:
FTPD_LOG = "/var/log/secure"
The check of CSF is nice, but it seems not to automatically change the log setting to the correct logfile. On a new CSF installation maybe, I don't know.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
So, by default CSF misses BruteForce attacks on port 21?

I've never noticed that, as I usually use BFM+CSF and sFTP on a different port without plain 21.
 

Tootle

Verified User
Joined
Sep 1, 2011
Messages
38
True,
after changing to "/var/log/secure" it works as it should.

I'm switching from fail2ban -> CSF and noticed this issue (CentOS7/CB2/csf v9.24)
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,287
Location
Maastricht
So, by default CSF misses BruteForce attacks on port 21?
Yes, it looks that way, since it looks in /var/log/messages by default. It seems that after 5 years they still have not adjusted this for DA, maybe because other ftpd's are also used, and I guess cPanel (which it was initially made for) also uses /var/log/messages.
 

Active8

Verified User
Joined
Jul 13, 2013
Messages
380
Just checked my csf.conf file, but it's already fixed:

FTPD_LOG = /var/log/secure (restricted UI item)
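
A way to check the point made in this thread, as an added example that is not part of any poster's message or of CSF itself: the script reads `FTPD_LOG` from a csf.conf-style file and reports whether ProFTPD's syslog entries are in that file or in another candidate log. It assumes ProFTPD logs through syslog with the tag `proftpd[pid]`; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the FTPD_LOG value from a csf.conf-style file, quotes stripped.
csf_ftpd_log() {
    sed -n 's/^[[:space:]]*FTPD_LOG[[:space:]]*=[[:space:]]*"\{0,1\}\([^"#]*\)"\{0,1\}.*$/\1/p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Count lines tagged "proftpd[pid]:" in a log file (assumed syslog tag); 0 if unreadable.
proftpd_lines() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c ' proftpd\[[0-9]*\]: ' "$1" || true
}

# check_ftpd_log CONF CANDIDATE...
# Prints "ok <log>" (status 0) when the configured log holds ProFTPD entries,
# "mismatch <configured> <actual>" (status 1) when only a candidate does,
# "unknown <configured>" (status 2) when no file shows ProFTPD entries.
check_ftpd_log() {
    conf=$1; shift
    configured=$(csf_ftpd_log "$conf")
    if [ -n "$configured" ] && [ "$(proftpd_lines "$configured")" -gt 0 ]; then
        echo "ok $configured"; return 0
    fi
    for f in "$@"; do
        if [ "$(proftpd_lines "$f")" -gt 0 ]; then
            echo "mismatch ${configured:-unset} $f"; return 1
        fi
    done
    echo "unknown ${configured:-unset}"; return 2
}

# Demo on constructed data: csf.conf points at "messages", ProFTPD wrote to "secure".
demo() {
    d=$(mktemp -d)
    echo 'Oct 26 10:00:01 host proftpd[1234]: 127.0.0.1 (203.0.113.5[203.0.113.5]) - USER bob (Login failed): Incorrect password' > "$d/secure"
    echo 'Oct 26 10:00:02 host crond[99]: constructed unrelated line' > "$d/messages"
    printf 'FTPD_LOG = "%s"\n' "$d/messages" > "$d/csf.conf"
    rc=0
    check_ftpd_log "$d/csf.conf" "$d/secure" "$d/messages" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# On a DirectAdmin server the real call would be, for example:
#   check_ftpd_log /etc/csf/csf.conf /var/log/secure /var/log/messages
demo || true
```

A "mismatch" result means lfd is watching a file that ProFTPD never writes to, so failed FTP logins go uncounted; after correcting `FTPD_LOG`, restart csf and lfd as noted earlier in the thread.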
 