Failed FTP login but Host Access Control configured to block

keat63

• September 18, 2019 02:06

I have Host Access Control to block unauthorised login attempts. There are only a very small handful of IP allowed access to FTP. However, this morning I see these in my log files pure-ftpd: (?@124.xxx.xxx.xxx) [WARNING] Authentication failed for user [anonymous] (?@119.xx.xx.xxx) [WARNING] Authentication failed for user [anonymous] (ftpd) Failed FTP login from 119.xx.xx.xxx (CN/China/Jilin/-/194.xx.xx.xxx.adsl-pool.example.com): 3 in the last 3600 secs - *Blocked in csf* [LF_TRIGGER] Any ideas how they may have got past HAC, I was under the impression that HAC wouldn't even allow authetication attempts. I've tons of these coming from different IP's over night.

• 

  cPanelMichael

  • September 18, 2019 17:37

  pure-ftpd

  
  Hello :) The following is documented at FTP Server Selection interface (WHM >> Home >> Service Configuration >> FTP Server Selection).

  For more information, read our

  0
• 

  keat63

  • September 19, 2019 08:55

  Thanks for this. Explains why I'm getting the hit. I do use pureftp for a reason though, but I don't recall why.

  0
• 

  cPanelMichael

  • September 20, 2019 18:54

  I do use pureftp for a reason though, but I don't recall why.

  
  You can review some of the differences on the document below:

  0
• 

  keat63

  • September 23, 2019 21:15

  I found my original post from Feb 2017 and it seems that I chose pureftp over proftp due to a constant echo in my log files. I said: So I toyed with my FTP server selection last night, and now I remember why I switched from proftp to Pure-ftp. Proftp is constantly echoing to var/log/messages. Feb 8 11:25:53 proftpd[17111]: xxx.xxx.xxx.xx (127.0.0.1[127.0.0.1]) - FTP session opened. Feb 8 11:25:53 proftpd[17111]: xxx.xxx.xxx.xx (127.0.0.1[127.0.0.1]) - FTP session closed. I switched to Pure-ftp to stop this from happening. Is there a way to supress these messages for Proftp.

  0

Please sign in to leave a comment.