Full Version: Preventing proftpd from running at all?
platypus
How do I stop proftpd from ever running at server startup? I want to run something else on port 21 and this annoying thing is always running. I can manually shut it down, but if I need to restart my server I don't want it coming back, nor do I want cPanel deciding to turn it back on.

Can anyone help? Is this in the /etc/rc.d files?
Thanks very much!
(Redhat Enterprise 3 w/ cPanel)
athakur999
If you go into WHM and look under "Service Configuration" there is an item called "Service Manager". Go into that and uncheck the "proftpd/pure-ftpd" box and cPanel should stop starting it.
platypus
I've done that, but I think it is still running.

If I run "ps -aux|grep ftp" it says it is still listening.
If I run "proftpd stop", it also says it has stopped.
If I run "netstat -l" something is still listening on 21.

I need port 21 to be completely freed so I can serve something else on that port! Thanks for the help!
eddy2099
Maybe this would help

http://forums.cpanel.net/showthread.php?t=...ght=disable+ftp

QUOTE
trakwebster  

HOWTO disable ProFTP on cpanel boxes ...
On our machines, we have no need to run ProFTP or any ftp program. But when I tried to get it turned off I had to struggle a bit, because cpanel kept turning it back on!

After tinkering, I think I've learned the complete steps to make ProFTP cease to run. Here they are --

1) To see whether ftp is running, you can use 'ps -aux | grep ftp'.

To stop proftpd running *now*, run /etc/rc.d/init.d/proftpd stop.

To verify it's no longer running, again use 'ps -aux | grep ftp'.

2) There's a checkbox in Service Manager in WHM and it appears to make ProFTP stop running. But it does *not* actually work. This checkbox is effectively broken.

Because every five minutes, cpanel checks to see that some ftp is running, and if not defaults to proftp and starts it up. End of story. Cannot turn off ProFTP from WHM.

(It will *appear* to stop, but if you reboot, or if the next cpanel check comes along, proftp will be started up again.)

3) Removing /etc/rc.d/init.d/proftpd startup script does stop it from running, but generates 288 daily complaining emails from cpanel.

However, removing this file is the only way to stop proftp after reboots, so it must be removed. If you might *ever* use ftp again, then you'll want to keep this file somewhere.

4) To stop cpanel's checking (and complaining), you must also remove /etc/chkservd.d/proftpd file. This stops cpanel checking for ftp running. (Likewise, if you might ever use ftp, then you'll want to keep this file somewhere.)

That's it. ProFTP is now not running, will not start up on reboot, and will not be restarted every five minutes by cpanel.
__________________
-- Arthur Cronos from Voltos
==
platypus
GEEEEEZ.

Does anyone else find this INCREDIBLY IRRITATING? Especially since SFTP/SCP *should* be becoming the de facto standard, and FTP has too many inherent security flaws to be really used seriously any more.

I think cPanel should 1. make the checkbox work, 2. inform people about SFTP/SCP and its benefits, 3. leave FTP off by default.

Thanks so much for this info, I had figured out all the steps except the last one, which is pretty necessary!!!
platypus
Guess what? IT DOESN'T WORK!

The proftpd scripts are gone from /etc/rc.d/init.d and /etc/chkserv.d
I've killed proftpd with "killall proftpd".
Then as an experiment I restart cPanel with "/etc/rc.d/init.d/cpanel restart"

I then run "ps -aux | grep ftp" and GUESS WHAT?

I see two processes:
/usr/bin/perl /scripts/restartsrv2 ftpserver
proftpd: (accepting connections)

%$&*(#$ !!!
clearsignal
I know this may not be exactly what you are looking for: Perhaps use your firewall to block the ftp port so nobody can use that standard port, and run your sftp or whatever on a different port? As for stopping the cpanel check, that is weird, you should pop over to cpanel.net and see if they have any info on that issue.

Cheers
platypus
Ok, I think I got it to stop. I edited /scripts/restartsrv_ftpserver and put "exit();" as the first line so it effectively doesn't run. I hope that is an acceptable solution.

I really would like to be able to use port 21 for this reason:

I'm developing an online Poker game that typically runs on port 22777. No problems there. Some of the players, however, cannot connect to that port because sometimes they play from behind a corporate firewall that blocks that port. So, if I run it on port 21, the firewall will allow it as it assumes it is FTP.

The game is not running as root (not necessary) but as non-root I can't open a port # below 1024. So, I thought I would use APF to reroute packets from port 21 to port 22777. It was very annoying that the FTP server would keep coming alive and getting in the way. I still can't get it to work, but I need to do some more testing to see if the problem is with port *21* or if I cannot re-route ANY port below 1024. I know my method for routing works, as I have been successful routing port 22000 to port 22777.

If you're curious, the poker game is running at http://www.triplejack.com/ !
Fatsie
Just a word of caution, I have blocked access to port 21 on the firewalls at work (only the IT dept. and select users with a clue can get out). I suspect other netadmins might do the same....
chirpy
QUOTE (platypus)
Ok, I think I got it to stop.  I edited /scripts/restartsrv_ftpserver and put "exit();" as the first line so it effectively doesn't run.  I hope that is an acceptable solution.

Not really. The nightly upcp run (as soon as you upgrade past the current STABLE release) will automatically replace any modified scripts in /scripts/ and wipe out your change.

All you probably need to do (in addition to disabling the check option, deleting the file in /etc/chkserv.d/) is to:

rm -f /var/run/chkservd/ftpd
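
A check for the state this thread is chasing, added here as an example and not part of any post: it lists which of the files named in the thread still exist and which sockets are listening on port 21. The function names, the optional root-prefix argument and the sample netstat lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example. Paths are the ones named in the thread; the chkservd
# directory is spelled two ways there, so both spellings are checked.
FTP_RESTART_PATHS="etc/rc.d/init.d/proftpd
etc/chkserv.d/proftpd
etc/chkservd.d/proftpd
var/run/chkservd/ftpd"

# Print every thread-named file that still exists under the root prefix $1
# (default /). The prefix is an assumption of this example so the check can
# run against a scratch tree.
ftp_leftovers() {
    root="${1:-/}"
    for rel in $FTP_RESTART_PATHS; do
        [ -e "${root%/}/$rel" ] && echo "/$rel"
    done
    return 0
}

# Read `netstat -ltn` lines on stdin and print the local addresses that are
# listening on TCP port $1. The port is compared as a whole field, so 2121
# does not match 21.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == port) print $4
        }'
}

# Constructed sample of `netstat -ltn` output (not taken from the thread).
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:21        0.0.0.0:*     LISTEN
tcp        0      0 0.0.0.0:2121      0.0.0.0:*     LISTEN
tcp        0      0 127.0.0.1:3306    0.0.0.0:*     LISTEN
tcp6       0      0 :::21             :::*          LISTEN'

echo "Listeners on port 21 in the sample:"
printf '%s\n' "$SAMPLE_NETSTAT" | listeners_on_port 21
echo "Thread-named files still present on this host:"
ftp_leftovers /
```

On a live server, pipe `netstat -ltn` into `listeners_on_port 21`; the `-n` matters because plain `netstat -l` prints the port as a service name rather than a number.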
platypus
QUOTE (Fatsie)
Just a word of caution, I have blocked access to port 21 on the firewalls at work (only the IT dept. and select users with a clue can get out). I suspect other netadmins might do the same....


Yea, I realize port 21 is not always going to work, but I know that for some players, it does. Plus, the game is smart enough to fail over to the other ports (22777, etc) if 21 doesn't work. Thanks!
facecake
QUOTE (Fatsie)
Just a word of caution, I have blocked access to port 21 on the firewalls at work (only the IT dept. and select users with a clue can get out). I suspect other netadmins might do the same....


<ot>
At my work only port 80 outbound is enabled, unless they authenticate with pfauth, then depending on the level of access I want to give them, depends on the ports they are allowed to use. Each machine is on a different vlan from all others. All the phones are on a shared vlan along with the telecoms server (which is also on another vlan). Internal machines can only access port 80 outbound and port 80 on the exchange server.
</ot>