FTP Passive Mode Ports
Jan 19, 2008what are the inbound and outbound ports when FTP Passive mode is used for PureFTPd.
View 3 Replieswhat are the inbound and outbound ports when FTP Passive mode is used for PureFTPd.
View 3 RepliesAfter some recents updates (currently running on: 12.0.18 Update #19) appeared a problem with connecting to FTP for passive mode users:
Connect ok!
"/" is the current directory
Get directory
227 Entering Passive Mode
550 Access is denied.
Server logs:
/var/log/messages
Oct 14 12:11:26 host xinetd[3692]: START: ftp pid=2709 from=::ffff:xxx.xxx.xxx.xxx
Oct 14 12:11:26 host proftpd[2709]: processing configuration directory '/etc/proftpd.d'
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - FTP session opened.
But:
/var/log/secure:
Oct 14 12:11:26 host proftpd: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
Oct 14 12:11:26 host proftpd: PAM adding faulty module: /lib64/security/pam_stack.so
Oct 14 12:11:26 host proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - USER client: Login successful.
ad1: yes, i do have passive ports configured in /etc/proftpd.conf and FW is properly configured
ad2: everything was fine until recent updates
ad3: this is happening only for passive users only
ad4: we are experiencing this issues across all Plesk instances [6x] on CentOS 6.5 with 12.0.18 Update #19
I am running Plesk 12 . Centos 6.5
I have Plesk Firewall Installed.
After the Plesk Firewall was enabled the FTP Stopped working in passive Mode.
I searched the net and found the following :
Code:
/etc/sysconfig/iptables-config and change the line with IPTABLES_MODULES to: IPTABLES_MODULES="ip_conntrack_ftp"
It started working.
I changed the default FTP port from proftpd.conf
Code:
port 2392
and /etc/services
Code:
ftp 2392/tcp
ftp 2392/udp fsp fspd
I allowed the new port in Plesk Firewall in Incoming connection and disabled port 21
Now I am not able to connect to the ftp, I get the following error. Have I missed anything ?
Code:
Response:257 "/" is the current directory
Command:TYPE I
Response:200 Type set to I
Command:PASV
Response:227 Entering Passive Mode (85,25,51,34,216,46).
Command:MLSD
Error:Connection timed out
Error:Failed to retrieve directory listing
I have some issues with the plesk firewall:
1. Emails are not delivered:
From some reasons, plesk is blocking incoming 25 port (in plesk shows opened, but it's not)My emails are delivered trough port 25, after doing some tests ( i've sent some emails to an email account hosted in the server) there was no email in the roundcube inbox! All emails were blocked...
a) Firewall was blocking the port 25 on server restart.
b) I have succesfully unblocked it from plesk manager -> tools -> edit/change -> even if i didn't change anything, i saved the "changes" and in my roundcube inbox i recived all the test emails.
c) In /var/log/maillog there is no error.
2. Passive FTP gets blocked in the same way, to successfully connect FireFTP on passive mode i need to repeat 1.b steps even if i've created a special rule to prevent the blocking, opening 49152-65534 ports and set PassivePorts 49152 65534 in /etc/proftpd.conf
The issue appears randomly, because in the last 5 days i didn´t restart the server, the last time i checked it worked. Today, without touching anything, firewall blocked my passive FTP and I had probmels reciving emails from gmail, yahoo etc...
i have one problem in cpanel take one error for restart httpd
xx.xxx.xxx.xx:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
I'm running a Win2003 dedicated server with IIS and Plesk v9. While trying to configure my FTP ports I found out that my host has a basic (free) hardware firewall on my main/shared IP with ports 2000-2015 reserved for passive FTP connections. I asked them if they could change the ports to match the default ones but to customize hardware firewall settings I'm require to upgrade to a paid solution.
I again tried to approach the problem by trying to get IIS to conform to the host's ports. However after some research I found that the default MSFTP range is 1025-5000 while custom values have to be between 5001-65535. My host recommends I upgrade to a personal hardware firewall or make do with a software firewall. Other than dropping the firewall is there nothing I can do here?
I've thought of serving FTP on a dedicated IP (which would be exempted from the hardware firewall) but when I tried to set it up I got a directory permission error during connection attempts. I may be mistaken but this appears to be an an issue with Plesk not liking to serve a website's HTTP and FTP on separate IPs. Is solving this problem my best bet?
vpsland.com what kind of passive support they have ? 48H without any progress ...
i bought VPS three months back and i am avoiding to disturb their sleeping APAIC but this is the first issue i have with their support , my vps turned offline with out any known reason no billing ,no abusing emails ..etc ...
We're building-out a new room, and believe we could raise cold aisle temps about 5 degrees F if we use ducted cabinet exhaust. Heat density is limited by traditional cold air supply (e.g. 7kw per cabinet using AirGrate perf tiles), so I'm focusing on passive ducted exhaust.
We can purchase via any rep in the USA, FOB. So far, I'm aware of:
- CPI/Chatsworth TeraFrame
- Wrightline
- Wrightline HCS for APC NetShelter
- Damac
- custom?
My roommate ran into this problem a few weeks ago. He could not connect to a webserver. Turns out it is the way that some of the ports are being handled when passive FTP is used.
I was wondering if a lot of web hosting companies are seeing some complaints of (passive) FTP not working properly? And who are you blaming?
He had to install some firmware updates to the Linksys router as well but then that started to crash the Internet connection (something we cannot have). So the router update was uninstalled.
He had to do quite a bit and finally started to use the control panel to upload. He has not tried FileZilla yet but I tried it on my system to connect to his server and it failed.
Do you still have to add each port individually to Server 2008's Firewall like we did on Server 2003?
If so, will the guides that were put out for 2003 work on 2008's? I want to be sure before putting all these ports in....if I can just specify a range instead, it would be much easier!
how to know in which mode php running ? CGI or ISAPI
View 2 Replies View RelatedI currently have one server running PHP in suPHP mode. One of my friend told me that if i change the PHP to Apache Mode, this would decrease my server load a lot and thus give more performance.
Anyone can tell me what mean changing PHP to Apache mode? Is that something i can do from WHM? Will this affect the domains currently hosted on my server?
What is the best option in the php setting does keeping the php function safe mode on or off?
View 12 Replies View Relatedi need to enable php safe mode on for my joomla and i came across this
Quote:
When the php safe mode is turned off globally by default at our server end, you can still override the setting to turn it ON for only your domain by just insert the following line inside the ".htaccess" file (at Linux server):
Code:
php_value safe_mode "1"
my joomla .htaccess file:
Quote:
##
# @version $Id: htaccess.txt 10492 2008-07-02 06:38:28Z ircmaxell $
# @package Joomla
# @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##
#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
#
# mod_rewrite in use
RewriteEngine On
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits
I have a script that needs safe mode off to run, the script writers have said safe mode is disabled as default and not required and even disabled in php 6
Now I'm not to fimular with Safe mode, all I know is most scripts are wrote to work with this on
Should i switch safe mode on or off . Right now i am using it as on some one told me if i switch it off then server can easily hack but becoz i switch it on im having too much problem specially users of sites having problem of uploading and wordpress also have issue and some more script what you say what should i do?
View 9 Replies View Relatedhow can i make "safe mode on/off" using .htaccess?( in SharedHosting )
View 1 Replies View RelatedI would like to know as to whether or not you have php safe mode turned on? If you do, please specify why, and would you allow your clients to turn it off?
View 13 Replies View RelatedI searched but couldn't find much - should you run PHP with safe mode on or off on a shared (Linux) server?
View 3 Replies View RelatedI cannot enable DMA mode on /dev/hda when attemping to enable it via ssh
Code:
hdparm -d1 /dev/hda
/dev/hda:
setting using_dma to 1 (on)
HDIO_SET_DMA failed: Operation not permitted
using_dma = 0 (off)
Code:
hdparm -tT /dev/hda
/dev/hda:
Timing cached reads: 1632 MB in 2.00 seconds = 814.90 MB/sec
Timing buffered disk reads: 8 MB in 3.42 seconds = 2.34 MB/sec
I am running CentOS 4.7 and cPanel 11. cPanel also shows DMA is not enable on this drive. Kernel: 2.6.9-78.0.13.ELsmp
Code:
cat /boot/config-2.6.9-78.0.13.ELsmp |grep DMA
CONFIG_GENERIC_ISA_DMA=y
CONFIG_BLK_DEV_IDEDMA_PCI=y
# CONFIG_BLK_DEV_IDEDMA_FORCED is not set
CONFIG_IDEDMA_PCI_AUTO=y
# CONFIG_IDEDMA_ONLYDISK is not set
# CONFIG_HPT34X_AUTODMA is not set
CONFIG_BLK_DEV_IDEDMA=y
# CONFIG_IDEDMA_IVB is not set
CONFIG_IDEDMA_AUTO=y
CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1
CONFIG_PDC_ADMA=m
Code:
hdparm -i /dev/hda
/dev/hda:
Model=WDC WD2500JB-00REA0, FwRev=20.00K20, SerialNo=WD-WMAN542173
Config={ HardSect NotMFM HdSw>15uSec SpinMotCtl Fixed DTR>5Mbs FmtGapReq }
RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=50
BuffType=unknown, BuffSize=8192kB, MaxMultSect=16, MultSect=16
CurCHS=16383/16/63, CurSects=16514064, LBA=yes, LBAsects=268435455
IORDY=on/off, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120}
PIO modes: pio0 pio3 pio4
DMA modes: mdma0 mdma1 mdma2
UDMA modes: udma0 udma1 udma2 udma3 udma4 *udma5
AdvancedPM=no WriteCache=enabled
Drive conforms to: device does not report version:
* signifies the current active mode
i have a cpanel server.. can any one tell me how to allow safe mode to a specific domain?
View 1 Replies View RelatedI am going to run a free host, yes I know I should post this in FWHT but well, they dont answer very fast if at all.
It is very dangerous to have Safe Mode OFF on a free host, but someone was telling me about open_basedir, which makes it so they cant touch any files set outside of open_basedir. Would this be suffiecient to keep them from touching others files? I know I need to disable other functions like exec() and stuff but would open_basedir keep hackers away from others files and hacking them...
how to change phpsafe mode into "off" in cpanel hosting account since Whole server setting is "on" in phpsafe mode? I need for chage it to "off" as reguler cpanel user.
View 6 Replies View RelatedI have 3 75GB HD in R5 mode. Can I add a 4th one to the system?
View 4 Replies View RelatedI have got a dedicated from 1and1. I could not get it working.
I tried the same htaccess with godaddys hosting, it worked fine.
Code:
RewriteEngine On
RewriteRule ^(index*).html$ /index.php [L]
RewriteRule ^(aaa*).html$ /aaa.php [L]
#php_flag register_globals off
I do not want to send them e-mail because it takes ages to get the answer.
What can it be wrong.
I get 404 error.
To Install www.awbs.com scripts to my server
How Can I Do This Following to one site on My server
safe_mode Off
allow_url_fopen On
session.auto_start Off
tell Me that i can do that from httpd config
I have upload the flashchat scripts on server. Its asking the files to change binary mode.
Files uploaded in binary mode (MD5 cd169d413452620389b2b30e6a902b10)No
to change files the binary mode in shell prompt.
I have found on one webhost that they have very cool feature:
Here is what they say:
Quote:
Browsing through any webhost related forum will reveal that giving safe mode off poses extreme security risk to the server. Because it offers hackers a great advantage to access any other members account or read their sensitive files which usually contain passwords.
But then some genuine scripts won't work with safe mode ON. Meaning you could turn it on per member requests but that takes lots of labor.
So we completely reprogrammed the safe mode PHP source code and recompiled it. As a result ours safe mode OFF is light-years safer & hacker-proof then standard PHP v5 safe mode ON.
So all our members are getting safe mode OFF, with harder security then those hosts who offer Safe Mode ON.
So now I am wondering, how they did that? I have searched forums and Google for lots of different keyword but haven't found anything.
I believe a lot of you running Apache as nobody and having php save mode OFF. It there any way you protect yourself? phpsuexec is not a solution now as it increasing load.