Prevent anonymous FTP connections on ProFTPd

  • fuggi
  • 04/03/12
  • Offline
Posted: Tue, 2012-04-03 10:36

Hello everybody, I want to prohibit any anonymous FTP connections to virtual servers on ProFTPd. Therefore, I tried to remove the whole Anonymous section from the virtual server template as suggested by the ProFTPd FAQ. But this attempt is cancelled by Virtualmin, I guess, with an missing user directive error.

What am I doing wrong?

Regards, fuggi

OS: Debian 6.0; Webmin version: 1.58; Virtualmin version: 3.9


Howdy, Hmm, normally,

  • andreychek
  • 01/05/09
  • Offline
  • Tue, 2012-04-03 11:06

Howdy,

Hmm, normally, anonymous logins would be disabled by default on a Debian system.

Are you able to login as anonymous though?

Two questions for you --

  1. What is the exact error you receive after commenting out that section?

  2. Can you post your proftpd.conf file?

Thanks!

-Eric


Hi Eric, thank you for your

  • fuggi
  • 04/03/12
  • Offline
  • Tue, 2012-04-03 12:44

Hi Eric,
thank you for your quick response!

I haven't tried logging in as anonymous FTP user so far, because I only installed ProFTP after I had created one virtual server for testing purposes. But I already ran /etc/init.d/proftpd check-config what worked out well.

Regarding your questions:
1. "Failed to save server template : Missing User directive"
2. Please find the configuration file attached.

Thank you very much in advance!

Best regards,
fuggi


Hello Eric, additionally, I

  • fuggi
  • 04/03/12
  • Offline
  • Thu, 2012-04-05 01:42

Hello Eric,
additionally, I want to remove that Anonymous section for ProFTPd from the server template, because when I try to enable the ProFTP feature Virtualmin throws the following error:
"Failed to save enabled features : An error was found in the ProFTPd configuration template : Unix group ftp in Group directive does not exist. This must be fixed by editing the Default Settings on the Server Templates page."

Regards,
Marcus


Another reason

  • fuggi
  • 04/03/12
  • Offline
  • Thu, 2012-04-05 07:52

Hi Eric,
and there is one more reason to get rid of this Anonymous section in the virtual server template: "Note that anonymous access via a specific domain name requires an IP-based virtual FTP host to be configured." I cannot meet this restriction, because I've got one IP address only and want to setup hostname-based virtual FTP servers.

Another problem is the preference "Anonymous FTP subdirectory to create" which provides only the options "Default (ftp)" and "Directory under home [INPUT]". But I am missing an option like "none (no anonymous access allowed)".

Could you please bring some light into my darkness?

Regards,
fuggi


Well, it sounds like there's

  • andreychek
  • 01/05/09
  • Offline
  • Thu, 2012-04-05 08:46

Well, it sounds like there's some sort of syntax error in there, though I'm not immediately seeing what it is.

However, that's all a bit odd, as Debian has anonymous FTP disabled by default. On a fresh Debian 6 install I have here, that anonymous block is all commented out.

So it sounds like there may be some settings that have been tweaked to non-default values there...

What I'll do is upload a copy of the proftpd.conf file I have here -- it's from Debian 6, hopefully it'll help you resolve the issues you're seeing there!

-Eric


Hi Eric,why do you think

  • fuggi
  • 04/03/12
  • Offline
  • Thu, 2012-04-05 09:15

Hi Eric,
why do you think there might be a syntax error? Would there be no Anonymous block in the ProFTPd directives template for new virtual servers and a "none" option for the "Anonymous FTP subdirectory to create" if there was no syntax error in the proftpd.conf?

As you might have seen, the Anonymous section in my proftpd.conf was commented out, too. So the anonymous login for the main/default server was already disabled. I will look for syntax errors in it, but I do not know how such could have came in, because it was a fresh installation of ProFTPd.

Anyway, I have disallowed anonymous access to virtual servers now by inserting a <Limit LOGIN> section into the virtual server template directives. I'm aware this is a workaround only and may not solve all my above mentioned issues.

Regards,
fuggi


Change the user in the

  • haydent
  • 12/31/08
  • Offline
  • Sat, 2013-01-19 22:52

Change the user in the ProFTPd template to be nobody.