Change FTP Server Port

[Ma2T]

Hello,

I am often under a brute force login attack on my FTP and SSH servers.

I managed to successfully stop the SSH login atempts by changing the SSH port, and firewall settings.

But, I can't seem to manage to change the FTP port away from 21.

I don't have a static ip address, so I can't limit it that way.

Any ideas how? A google search, and search here didn't help.

Many thanks for the help.

 

[phoenixisp]

To change the port edit the file /etc/proftpd.conf. Be sure to open the new port in your firewall.

 

[Ma2T]

To change the port edit the file /etc/proftpd.conf. Be sure to open the new port in your firewall.

Thanks for your reply phoenixisp. Thats what I thought, and have tried this. But it still works on port 21, and never seems to change away from it.

Very confusing. Any other ideas?

Many thanks for your help.

 

[phoenixisp]

Did you restart Apache after you edited the file?

# /etc/init.d/httpd restart

 

[Amin Taheri]

isnt ftp controlled by xinetd?

 

[breun]

It is. You'll need to restart xinetd after changing /etc/proftpd.conf, not httpd. Instead of changing the port (hard for customers) I'd look into using a brute force blocker (DenyHosts, fail2ban, etc.).

 

[Ma2T]

Many thanks for the replies guys, it's much appreciated.

I attempted the port change a few weeks back, and i'm quite sure I restarted xinetd, but I will be sure to try it again.

The port change should not be a problem, as i'm the only client on the server

Thanks for the DenyHosts, fail2ban tips, they sound very interesting.

 

[Ma2T]

No luck :/

I edited the port number, and restated xinetd, but it still connects on port 21.

ServerName "ProFTPD"
#ServerType standalone
ServerType inetd
DefaultServer on
<Global>
DefaultRoot ~ psacln
AllowOverwrite on
</Global>
DefaultTransferMode binary
UseFtpUsers on

TimesGMT off
SetEnv TZ :/etc/localtime
# Port 21 is the standard FTP port.
Port 19784
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 12

#Following part of this config file were generate by PSA automatically
#Any changes in this part will be overwritten by next manipulation
#with Anonymous FTP feature in PSA control panel.

#Include directive should point to place where FTP Virtual Hosts configurations
#preserved

ScoreboardFile /var/run/proftpd/scoreboard

# Primary log file mest be outside of system logrotate province

TransferLog /usr/local/psa/var/log/xferlog

#Change default group for new files and directories in vhosts dir to psacln

<Directory /var/www/vhosts>
GroupOwner psacln
</Directory>

# Enable PAM authentication
AuthPAM on
AuthPAMConfig proftpd

IdentLookups off
UseReverseDNS off

AuthGroupFile /etc/group

Include /etc/proftpd.include

My /etc/proftpd.include is blank.

Any further ideas?, it must be stuck on port 21 somewhere.
Cheers

 

[Ma2T]

Has any one managed to change their port number? Maybe plesk is stopping it somewhere?

 

[abdi]

Change FTP port from 21 to another (2021) port on linux plesk server.

edit /etc/proftpd.conf

change the port from 21 to another port suppose port 2021

also edit file /etc/services and make following changes

# 21 is registered to ftp, but also used by fsp
ftp 2021/tcp
ftp 2021/udp fsp fspd

then open the new port in csf.conf or your firewall file and restart xinet.d service on the server.

Done.

 

[abdi]

I just noticed that after these settings, you might not be able to run backups to an FTP Repository.