Plesk 11.x / Linux :: Enabled Firewall To IP - Failed To Retrieve Directory Listing
Apr 10, 2014
I enabled plesk firewall to my ip now I cant seem retrieve directory listing. I've done the same with ssh that works fine.
Response:230 User logged in
Command:OPTS UTF8 ON
Response:200 UTF8 set to on
Status:Connected
Status:Retrieving directory listing...
Command:PWD
Response:257 "/" is the current directory
Command:TYPE I
Response:200 Type set to I
Command:PASV
Response:227 Entering Passive Mode
Command:MLSD
Error:Connection timed out
Error:Failed to retrieve directory listing
Initially I was able to connect via FTP. Then all of a sudden I started getting 550 SSL/TLS required on the control channel. Why did it suddenly required SSL/TLS when I did not do anything extra?
Now when I'm trying to connect via FTPES using FileZilla (tried both active and passive) on Linux Mint Debian, I'm getting the error below. I'm really stumped. I have tried to Allow incoming from all on port 49152-65534/tcp via Plesk firewall, but still no go.
The worst thing now is, I can't even get FTP to work anymore. Of course I would prefer to have TLS working.
Status:Connection established, waiting for welcome message... Response:220 ProFTPD 1.3.5 Server (ProFTPD) [206.106.213.243] Command:AUTH TLS
Command:MLSD Response:150 Accepted data connection Response:226-ASCII Response:226-Options: -a -l Response:226 24 matches total Error:Connection timed out Error:Failed to retrieve directory listing
Today I try to fit all FW rules to my need. After i blocked the traffic "allow other incoming traffic" in the Plesk FW i dont get folders listed via FTP. The FTP client connect to my server, but listing content times out. After allow other traffic the content get listed. The rule "Allow FTP connections" ist in all enabled all the time.
After upgrading to Plesk 12 the FTP connection has become very slow. Mode Security, Fail2Ban and Plesk Firewall have been enabled, the security is set to force sFTP and maximum security and in /etc/proftpd.d/ a conf file has been added to set the passive ports that have been opened in the Plesk Firewall (60000 to 62000)
Turning off the Mod Security does not solve the slow connection.
What can we do to detect the cause of the problem?
After the Plesk Firewall was enabled the FTP Stopped working in passive Mode.
I searched the net and found the following :
Code:
/etc/sysconfig/iptables-config and change the line with IPTABLES_MODULES to: IPTABLES_MODULES="ip_conntrack_ftp"
It started working.
I changed the default FTP port from proftpd.conf
Code: port 2392 and /etc/services
Code: ftp 2392/tcp ftp 2392/udp fsp fspd
I allowed the new port in Plesk Firewall in Incoming connection and disabled port 21
Now I am not able to connect to the ftp, I get the following error. Have I missed anything ?
Code:
Response:257 "/" is the current directory Command:TYPE I Response:200 Type set to I Command:PASV Response:227 Entering Passive Mode (85,25,51,34,216,46). Command:MLSD Error:Connection timed out Error:Failed to retrieve directory listing
For some time now the Autoinstaller fails and the Plesk control panel becomes inoperable until I run the stop and then start command for the plesk control panel. Looking at the error log: autoinstaller3.log I see the following output:
WARNING: Third-party Yum repository 'atomic' is enabled, installation may fail.
Since you use one or more 3rd-party repos (say, atomic), be careful when installing different package versions from different repos as this may lead to installation failures. For example, you may encounter a problem if you first install PHP from a 3rd-party repo and then upgrade it using the Parallels repo. To avoid such situations, install and upgdare packages from the same repo.
Traceback (most recent call last): File "/usr/local/psa/bin/yum_install", line 194, in <module> main() File "/usr/local/psa/bin/yum_install", line 189, in main
[code]....
The Yum utility failed to install the required packages.Attention! Your software might be inoperable.contact product technical support.Click to expand...
I've just made a transition from a VDS to a Dedicated and I'm having problems preventing directory contents from showing. In my previous server whenever I created a directory, it would automatically give a 403 when you tried to access the directory directly in your browser (which is what I want). Now when I set up directories in this new dedicated the contents of the directories display when there is either no index page or if I didn't have an htaccess file preventing it from listing the contents.
So what im asking is how did my previous server automatically set up the directories to not display the contents but use the contents and allow access to say for example pictures in the directory?
Is there a way I can have apache automatically do this for me or do I have to place a blank index page in every directory i create or have to place an htaccess file in every directory I create? How can I protect the contents with a 403 but still allow the contents to be accessed only through full path?
May be this is a stupid question, but I really don't know why I can't list the files in the root folder of a website(I didn't put any index.html or index.php in the folder).
I point my domain.com to /home/user/docs, the server can list domain.com/test/ files. But it can't list the files of domain.com/. It just shows the page at /var/www/htm, if I don't have any index file under /home/user/docs.
I have this in the httpd.conf file:
<Directory "/home/user/docs"> Options +Indexes allow from all </Directory>
The Plesk panel indicates that the Spam folder can be retrieved using an email client. We are using Outlook 2013 and can not figure out a way to make this happen. We can see the Spam folder using Webmail, but the contents never shows up in Outlook...
I've been plagued by CBL listing for quite some time now, on a linux server with Plesk 12.After months of a fierce fight against every possible malware on the about 120 various websites on this server, extensively monitoring clients emails, enabling restrictive policies and finally even hiring a private security firm to investigate the problems further, we were sure that not a single spam message was sent by our server in any way.
So we finally contacted CBL, exposed the issue and got this answer:The CBL attempts to detect compromised machines in a number of ways based upon the email that the CBL's mail servers receive.During this it tries distinguish whether the connections represent real mail servers by ensuring that each connection is claiming a plausible machine name for itself (via SMTP HELO), and not listing any IP that corresponds to a real mail server (or several mail servers if the IP address is a NAT firewall with multiple mail servers behind it). 54.194.XX.XXX was found to be using several different EHLO/HELO names during multiple connections on or about:
The names seen included: xxx1.xx, xxx2.xx, xxx3.xx, xxx4.xx, xx.xxx5.xx, veniceberg.com..Note that the above list may include one or more names that are not fully qualified DNS names (FQDNs). Host names (ie: Windows node names) without a dot are not FQDNs.
The final possibility is that 54.194.XX.XXX is not a NAT firewall, and is instead a single box with many domains provisioned on it, some that send email directly, setting the HELO as the sending domain. If this is the case, to prevent a relisting we strongly recommend setting the mail software on the box so that a single identifying name is used in outbound SMTP connections mail software on the box so that a single identifying name is used in outbound SMTP connections. As an alternate workaround, you can configure the mail software to relay its outbound email through an intermediate mail server. Even a co-resident mail server package (such as IIS on Windows) will do fine.
This pointed me to this Plesk Mail setting (not sure if this selection is the default). Now we are waiting a few days to see if changing to "Send from domain IP addresses" solves the issue. I think this is a kind of issue which deserves attention by Parallels to avoid other users go trough our fatiguing ordeals. If this setting is responsible for getting servers blacklisted, it should be highly discouraged.
when trying to add several useraccounts to our mail domain using the cli, we have a problem enabling the antivirus. We add user with the following CLI command, the antivirus flag is set. /usr/local/psa/bin/mail --create mail@mail.box -mailbox true -antivirus inout -passwd yourpassword -cp-access true
But when we got to the web interface and select the newly created user, the antivirus is still disabled for him and has to be enabled manually. Is this a known problem? Or is there any other way to automatically enable antivirus than using the "-antivirus" flag? Because we 're talking about more than 100 users it would take a lot of time enabling the AV manually for each of them.We 're running 12.0.18 Update Nr. 29
I have this big problem, when I try to create a new signature, it returns me this error (ProtDir_IIS :: update () failed: Add Protected Directory failed: columns SiteId, path are not unique (Error code 1)).
I enabled rkhunter in Plesk 12 to check the system weekly. I get a warning now, which I never got in older versions of Plesk:
The current hash function (/usr/bin/sha1sum) or package manager (DPKG) is incompatible with the hash function (Unset) or package manager (Unset) used to store the values. Debian 7.6 x64
When I turn on nginx for the server I am able to browse non SSL protected sites correctly. I receive a 502 Bad Gateway error on any sites that have an SSL certificate. Is there a fix for this? I have been unable to find one.
I have a public website, unfortunately, I believed it was being hacked and now the page only display:Directory listing Denied. This Virtual Directory does not allow to be listed..
How could I solve it?My website just consists of one phpbb forum and some html files.
It is possible to have anti-virus and anti-spam enabled by default when we go to "CREATE E-MAIL ADRESS" -> "SPAM FILTER" / "ANTI-VIRUS" is always disabled.
I have these problems since version 11.5. Now I have installed version 12 on centos . FTP works fine and is super fast and speedy until i enable PLEK FIREWALL, I also tried to add passive port range 60000-65534 to Plesk Firewall rules.
But nothing works.
It takes like 10 times longer to Login + List Files + Make changes using FTP. We applying changes via FTp and its very slow. We can use plesk file manager but its very inconvenient way for quick file uploads and changes.
I just started using plesk for my blogs and websites, so testing and finding my way around i notice every site i add instead of having its own folder just like in cpanel(shared hosting) the sites are been added under the primary domain.
# ll /opt/psa/var/modules/firewall/active.flag ls: cannot access /opt/psa/var/modules/firewall/active.flag: No such file or directory
# /etc/init.d/psa-firewall start psa-firewall: service is disabled
You then have to manually "touch" the active.flag to be able to start the firewall again. A workaround is to remove the line:
Code: sed -i 's:rm -f /opt/psa/var/modules/firewall/active.flag::' /opt/psa/var/modules/firewall/firewall-emergency.sh'
I really hope that Parallels fixes this asap, as normally you won't notice that the firewall is not active when every works fine (nothing is blocked) and Plesk still shows all the rules.
I currently have the Web Application Firewall (ModSecurity) installed but would like a visual interface to block IP's, subnets etc.. Can I install the Plesk firewall as well without any conflict with the Web Application Firewall?