I have recently removed a user from one of the websites hosted within ISPConfig because I had a problem accessing Web-FTP for the said user. I was thinking that if I removed the user and re-created them, that it would clear the FTP problem. When I tried to re-create the user it would not allow me. States the following:
Code:
The user with the name web2_ctp does already exist. Duplicate Email Address. A user with administrator rights does already exist for this site.
I currently do not have any users created for this account. I also deleted the FTP directory in the users folder... How can I clear this? Thank you!
I have successfully re-created the user. I still cannot access the FTP directory for this user within Web-FTP in ISPConfig. When I remove admin privileges from this user I can access everything fine. Is there a problem or can administrators not have FTP access through ISPConfig?
There are no limits for WebFTP and admins in ISPConfig. Is the admin FTP account working with an external FTP client? Did you get any errors when you tried to log in with Web-FTP?
Ok. Yes, FTP works on all accounts using an external client. When trying to log in with Web-FTP, I can log in fine as long as the particular user does not have admin rights for the web (through ISPConfig). When I try logging in w/admin rights, it hangs for a couple seconds then ends my ISPConfig session. No errors that I can find...
Proftpd (Debian 3.1 Perfect Setup). I found this in /var/log/daemon.log: The first session [416] is from a non-admin user logging in to web-ftp successfully. The second ftp session [449] is from my admin user logging in to web-ftp unsuccessfully. This is when it ends my ISPConfig session. The third ftp session is from an unknown source. Someone trying to get in I guess. Starting with the [449] there were a total of 150+ attempts. Is this common?
Code:
Dec 19 09:30:18 server1 proftpd[416]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 09:30:18 server1 proftpd[416]: server1.strec.com (localhost.localdomain[127.0.0.1]) - mod_delay/0.4: delaying for 8 usecs
Dec 19 09:30:18 server1 proftpd[416]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 09:30:29 server1 proftpd[449]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 09:30:29 server1 proftpd[449]: server1.strec.com (localhost.localdomain[127.0.0.1]) - mod_delay/0.4: delaying for 1 usecs
Dec 19 09:30:29 server1 proftpd[449]: server1.strec.com (localhost.localdomain[127.0.0.1]) - mod_delay/0.4: delaying for 108 usecs
Dec 19 09:30:57 server1 proftpd[449]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 09:43:43 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - FTP session opened.
Dec 19 09:43:43 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - mod_delay/0.4: delaying for 78 usecs
Dec 19 09:43:43 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - no such user 'Administrator'
Dec 19 09:43:43 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - mod_delay/0.4: delaying for 5359 usecs
Dec 19 09:43:43 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - mod_delay/0.4: delaying for 173 usecs
Dec 19 09:43:44 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - no such user 'Administrator'
Dec 19 09:43:44 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - mod_delay/0.4: delaying for 5569 usecs
Dec 19 09:43:44 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - mod_delay/0.4: delaying for 171 usecs
Dec 19 09:43:44 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - no such user 'Administrator'
Dec 19 09:43:44 server1 proftpd[654]: server1.strec.com (220-130-134-244.HINET-IP.hinet.net[220.130.134.244]) - FTP session closed.
and on and on... Also there are many entries where a session opens and closes (about every 30 minutes). Is this correct?
Code:
Dec 19 02:00:01 server1 proftpd[26864]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 02:00:01 server1 proftpd[26864]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 02:30:01 server1 proftpd[27254]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 02:30:01 server1 proftpd[27254]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 03:00:02 server1 proftpd[27650]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 03:00:02 server1 proftpd[27650]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 03:30:01 server1 proftpd[28036]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 03:30:01 server1 proftpd[28036]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 04:00:01 server1 proftpd[28419]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 04:00:02 server1 proftpd[28419]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 04:30:01 server1 proftpd[28875]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 04:30:01 server1 proftpd[28875]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 05:00:01 server1 proftpd[29253]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 05:00:01 server1 proftpd[29253]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 05:30:01 server1 proftpd[29632]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 05:30:01 server1 proftpd[29632]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 06:00:01 server1 proftpd[30009]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 06:00:01 server1 proftpd[30009]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 06:30:02 server1 proftpd[30512]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 06:30:02 server1 proftpd[30512]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 06:53:24 server1 proftpd[30805]: server1.strec.com (gate.frodos.fi[192.89.219.100]) - FTP session opened.
Dec 19 06:53:24 server1 proftpd[30805]: server1.strec.com (gate.frodos.fi[192.89.219.100]) - FTP session closed.
Dec 19 07:00:01 server1 proftpd[30891]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 07:00:01 server1 proftpd[30891]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 07:30:01 server1 proftpd[31270]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 07:30:01 server1 proftpd[31270]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 08:00:01 server1 proftpd[31647]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 08:00:01 server1 proftpd[31647]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 08:21:47 server1 proftpd[31927]: server1.strec.com (ACB1F122.ipt.aol.com[172.177.241.34]) - FTP session opened.
Dec 19 08:21:48 server1 proftpd[31927]: server1.strec.com (ACB1F122.ipt.aol.com[172.177.241.34]) - mod_delay/0.4: delaying for 85 usecs
Dec 19 08:21:48 server1 proftpd[31927]: server1.strec.com (ACB1F122.ipt.aol.com[172.177.241.34]) - no such user 'anonymous'
Dec 19 08:21:48 server1 proftpd[31927]: server1.strec.com (ACB1F122.ipt.aol.com[172.177.241.34]) - mod_delay/0.4: delaying for 6252 usecs
Dec 19 08:21:48 server1 proftpd[31927]: server1.strec.com (ACB1F122.ipt.aol.com[172.177.241.34]) - FTP session closed.
Dec 19 08:30:01 server1 proftpd[32033]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 08:30:01 server1 proftpd[32033]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 19 09:00:01 server1 proftpd[32417]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 19 09:00:01 server1 proftpd[32417]: server1.strec.com (localhost.localdomain[127.0.0.1]) - FTP session closed.
Furthermore, here are the corresponding entries from the auth.log for the two login attempts from web-ftp. It looks like the admin account does log in successfully, but gets booted shortly after:
Code:
Dec 19 09:30:18 server1 proftpd: (pam_unix) session opened for user web2_ctp by (uid=0)
Dec 19 09:30:18 server1 proftpd[416]: server1.strec.com (localhost.localdomain[127.0.0.1]) - USER web2_ctp: Login successful.
Dec 19 09:30:18 server1 proftpd: (pam_unix) session closed for user web2_ctp
Dec 19 09:30:29 server1 proftpd: (pam_unix) session opened for user web2_admin by (uid=0)
Dec 19 09:30:29 server1 proftpd[449]: server1.strec.com (localhost.localdomain[127.0.0.1]) - USER web2_admin: Login successful.
Dec 19 09:30:57 server1 proftpd: (pam_unix) session closed for user web2_admin
Dec 19 09:39:01 server1 CRON[577]: (pam_unix) session opened for user root by (uid=0)
Dec 19 09:39:01 server1 CRON[577]: (pam_unix) session closed for user root
I also found something interesting. Due to the fact that I kept getting hit by the unknown user, I decided to stop the proftpd service. I did so and confirmed that the user attempts ceased. I then started up the service and got this error:
Code:
server1:~# /etc/init.d/proftpd start
Starting ProFTPD ftp daemon: - warning: "ProFTPD" address/port (192.168.2.50:21) already in use by "Debian" proftpd.
Please make sure you're using the right username for login: Normally the usernames are something like web<id>_<name>, not Administrator or something like that.
That is not me but someone else trying to get in--robot or something. If you look at what I posted from the auth.log file, you will see that I am trying to use the appropriate usernames (web2_ctp and web2_admin).
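Added example, not part of the original thread or of ISPConfig: a short Python script that sorts proftpd log lines like the ones posted above into local open/close probes and remote addresses that keep guessing unknown account names. The line layout follows the excerpts in this thread; the hostnames and addresses in SAMPLE are constructed, and the threshold of 3 is an assumption.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Line layout of the proftpd entries quoted in this thread:
#   <date> <host> proftpd[<pid>]: <server> (<rdns>[<ip>]) - <message>
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+proftpd\[(?P<pid>\d+)\]:\s+\S+\s+"
    r"\([^\[]*\[(?P<ip>[^\]]+)\]\)\s+-\s+(?P<msg>.*)$"
)
NO_USER_RE = re.compile(r"no such user '([^']*)'")
LOGIN_OK_RE = re.compile(r"USER (\S+): Login successful")


def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:  # unparsable address field: treat as remote
        return False


def summarize(lines, threshold=3):
    """Group lines per (pid, ip) session; report local open/close probes
    and remote addresses with at least `threshold` unknown-user attempts."""
    sessions = defaultdict(lambda: {"failed": [], "ok": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # CRON, pam_unix and other non-session lines
        sess = sessions[(m["pid"], m["ip"])]
        if bad := NO_USER_RE.search(m["msg"]):
            sess["failed"].append(bad.group(1))
        elif ok := LOGIN_OK_RE.search(m["msg"]):
            sess["ok"].append(ok.group(1))

    failed, names, local_probes = Counter(), defaultdict(set), 0
    for (_pid, ip), sess in sessions.items():
        if is_loopback(ip) and not sess["failed"] and not sess["ok"]:
            local_probes += 1  # connect and disconnect, no login attempt
        failed[ip] += len(sess["failed"])
        names[ip].update(sess["failed"])
    suspects = {ip: sorted(names[ip]) for ip, n in failed.items()
                if n >= threshold and not is_loopback(ip)}
    return {"local_probes": local_probes, "suspects": suspects,
            "failed_by_ip": {ip: n for ip, n in failed.items() if n}}


def _line(ts, pid, peer, msg):  # builds one constructed sample line
    return f"Dec 19 {ts} server1 proftpd[{pid}]: server1.example.com ({peer}) - {msg}"

LOCAL = "localhost.localdomain[127.0.0.1]"
REMOTE = "scanner.example.net[203.0.113.7]"  # constructed, documentation range
SAMPLE = [
    _line("02:00:01", 26864, LOCAL, "FTP session opened."),
    _line("02:00:01", 26864, LOCAL, "FTP session closed."),
    _line("09:30:18", 416, LOCAL, "FTP session opened."),
    _line("09:30:18", 416, LOCAL, "USER web2_ctp: Login successful."),
    _line("09:30:18", 416, LOCAL, "FTP session closed."),
    _line("09:43:43", 654, REMOTE, "FTP session opened."),
    _line("09:43:43", 654, REMOTE, "mod_delay/0.4: delaying for 78 usecs"),
    *[_line("09:43:44", 654, REMOTE, "no such user 'Administrator'")] * 3,
    _line("09:43:44", 654, REMOTE, "FTP session closed."),
    "Dec 19 09:39:01 server1 CRON[577]: (pam_unix) session opened for user root by (uid=0)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Because sessions are keyed by PID and address, daemon.log and auth.log lines can be fed in together and a "Login successful" entry lands in the same session as its open/close pair.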
proftpd.conf:
Code:
#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
ServerName "Debian"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off
# Uncomment this if you would use TLS module:
#TLSEngine on
# Uncomment this if you would use quota module:
#Quotas on
# Uncomment this if you would use ratio module:
#Ratios on
# Port 21 is the standard FTP port.
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
#   User ftp
#   Group nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients 10
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin welcome.msg
#   DisplayFirstChdir .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask 022 022
#   #   <Limit READ WRITE>
#   #     DenyAll
#   #   </Limit>
#   #   <Limit STOR>
#   #     AllowAll
#   #   </Limit>
#   # </Directory>
#
# </Anonymous>
Defaultroot ~
IdentLookups off
ServerIdent on "FTP Server ready."
DefaultRoot ~
Include /etc/proftpd_ispconfig.conf
I will post netstat -tap in the next post...(too large)
Sorry for delay... netstat -tap:
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 1 159/couriertcpd
tcp 0 0 *:pop3s *:* LISTEN 1 182/couriertcpd
tcp 0 0 localhost.localdo:mysql *:* LISTEN 3 420/mysqld
tcp 0 0 *:pop3 *:* LISTEN 1 168/couriertcpd
tcp 0 0 *:imap2 *:* LISTEN 1 145/couriertcpd
tcp 0 0 *:www *:* LISTEN 1 0407/apache2
tcp 0 0 *:81 *:* LISTEN 7 161/ispconfig_http
tcp 0 0 *:ftp *:* LISTEN 1 835/proftpd: (acce
tcp 0 0 server1.strec.co:domain *:* LISTEN 2 7130/named
tcp 0 0 localhost.locald:domain *:* LISTEN 2 7130/named
tcp 0 0 *:ssh *:* LISTEN 1 400/sshd
tcp 0 0 *:smtp *:* LISTEN 2 5234/master
tcp 0 0 localhost.localdoma:953 *:* LISTEN 2 7130/named
tcp 0 0 *:https *:* LISTEN 1 0407/apache2
tcp 0 0 server1.strec.com:www 208.152.231.254:25862 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25926 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25895 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25863 TIME_WAIT -
tcp 0 0 server1.strec.com:ssh XXX.XXX.XXX.XXX:3243 ESTABLISHED5 934/sshd: root@not
tcp 0 0 server1.strec.com:www 208.152.231.254:25892 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25860 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25924 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25893 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25861 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25890 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25858 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25891 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25923 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25888 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25856 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25920 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25889 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25902 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25870 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25871 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25868 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25901 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25869 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25898 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25866 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25899 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25867 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25896 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25864 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25865 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25878 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25879 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25847 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25908 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25876 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25877 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25906 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25874 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25907 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25875 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25873 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25918 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25886 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25854 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25887 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25884 TIME_WAIT -
tcp 0 452 server1.strec.com:ssh XXX.XXX.XXX.XXX:3248 ESTABLISHED5 955/0
tcp 0 0 server1.strec.com:www 208.152.231.254:25852 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25885 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25853 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25882 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25850 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25883 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25912 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25880 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25848 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25913 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25881 TIME_WAIT -
tcp 0 0 server1.strec.com:www 208.152.231.254:25849 TIME_WAIT -
Not sure where the 208.152.231.254 is coming from???
I don't know if this is causing problems, but you have
Code:
Defaultroot ~
and
Code:
DefaultRoot ~
in your /etc/proftpd.conf. The first one is wrong, so I'd remove it and restart Proftpd.
This must be ISPConfig's monitoring script which tries to connect to your FTP server to see if it's still running. This is absolutely ok.
I removed the first "Defaultroot ~", restarted proftpd, and tried it. It still kicks me out of ISPConfig... When I restarted proftpd it gave me the same error:
Code:
Starting ProFTPD ftp daemon: - warning: "ProFTPD" address/port (192.168.2.50:21) already in use by "Debian" proftpd.
Do you think this is a problem?
That was a good resource falko, but I tried everything within it and still no luck on clearing the message:
Code:
Starting ProFTPD ftp daemon: - warning: "ProFTPD" address/port (192.168.2.50:21) already in use by "Debian" proftpd.
Again, FTP is running fine on the system, with the one exception that I cannot set a user with admin rights for one of my websites. I tried it on another two sites and admin worked fine through web-ftp. How can I check to see if VSFTPD is installed? I ran "locate vsftpd" and had one hit:
Code:
/root/ispconfig/isp/conf/vsftpd.conf.master
Okay, I found that an error message was popping up for a VERY brief moment before it boots me out of ISPConfig (when trying to log in to web-ftp on site 2 w/admin rights). I was able to capture a screenshot of it though: