Archive for the tag 'FTP'

SBDavid

Pure-FTPd FTP Configuration WHM


Versions 1.0.22 and higher of this popular FTP daemon allow the administrator to enforce TLS encryption on both the command and data channels of an FTP session. The FTP Server Configuration interface in WHM is updated to provide access to this feature.

The Broken Clients Compatibility directive is added to the WHM FTP Server Configuration interface. When enabled, this directive causes Pure-FTPd to ignore parts of the FTP protocol standards to improve compatibility with some buggy FTP clients and firewalls.

SBDavid

FTP Connection Issues


On servers running monolithic kernels (e.g. VPS Virtuozzo/OpenVZ and custom-built kernels), the ip_conntrack and ip_conntrack_ftp iptables kernel modules may not be available or fully functional. If this happens, FTP passive mode (PASV) won’t work. In such circumstances you will have to open a hole in your firewall and configure the FTP server to use that same hole.

For example, with pure-ftpd you could add the port range 30000:35000 to TCP_IN and add the following line to /etc/pure-ftpd.conf and then restart pure-ftpd:

PassivePortRange 30000 35000

For example, with proftpd you could add the port range 30000:35000 to TCP_IN and add the following line to /etc/proftpd.conf and then restart proftpd:

PassivePorts 30000 35000

FTP over SSL/TLS will usually fail when using an SPI firewall. This is because of the way the FTP protocol establishes a connection between client and server. iptables fails to establish a related connection when using FTP over SSL because the FTP control connection is encrypted, so iptables cannot track the relationship between the control connection and the allocation of an ephemeral port.

If you need to use FTP over SSL, you will have to open up a passive port block in both csf and your FTP server configuration.
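To confirm that the passive port block opened in csf actually covers the range the FTP server hands out, the following check compares the TCP_IN setting with the PassivePortRange or PassivePorts directive. It is an added example, not part of the original post; the function names are hypothetical and the sample config text is constructed.

```python
import re

# Constructed sample config excerpts (not taken from a real server).
SAMPLE_CSF = 'TCP_IN = "20,21,22,80,443,30000:35000"\n'
SAMPLE_PUREFTPD = "PassivePortRange 30000 35000\n"
SAMPLE_PROFTPD = "PassivePorts 30000 36000\n"  # wider than the firewall hole


def parse_tcp_in(csf_text):
    """Return the (low, high) port ranges opened by csf's TCP_IN setting."""
    m = re.search(r'^\s*TCP_IN\s*=\s*"([^"]*)"', csf_text, re.MULTILINE)
    if not m:
        raise ValueError("TCP_IN not found in csf configuration")
    ranges = []
    for item in filter(None, (p.strip() for p in m.group(1).split(","))):
        low, _, high = item.partition(":")  # csf writes ranges as low:high
        ranges.append((int(low), int(high or low)))
    return ranges


def parse_passive_range(ftp_text):
    """Return (low, high) from PassivePortRange (pure-ftpd) or PassivePorts (proftpd)."""
    m = re.search(r"^\s*(?:PassivePortRange|PassivePorts)\s+(\d+)\s+(\d+)",
                  ftp_text, re.MULTILINE)
    if not m:
        raise ValueError("no passive port directive found")
    low, high = sorted((int(m.group(1)), int(m.group(2))))
    return low, high


def uncovered_ports(csf_text, ftp_text):
    """Return the parts of the FTP passive range that TCP_IN does not open."""
    start, end = parse_passive_range(ftp_text)
    gaps, cursor = [], start
    for low, high in sorted(parse_tcp_in(csf_text)):
        if high < cursor or low > end:
            continue  # range lies entirely outside what is still unchecked
        if low > cursor:
            gaps.append((cursor, low - 1))
        cursor = max(cursor, high + 1)
    if cursor <= end:
        gaps.append((cursor, end))
    return gaps


if __name__ == "__main__":
    print(uncovered_ports(SAMPLE_CSF, SAMPLE_PUREFTPD))  # []
    print(uncovered_ports(SAMPLE_CSF, SAMPLE_PROFTPD))   # [(35001, 36000)]
```

An empty result means every passive port the FTP server may allocate is reachable through the firewall; any returned range is a block of ports where passive data connections would be dropped.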

cPanel FTP and MySQL General Information and Error Log files

FTP: Logins and General Errors.

/var/log/messages

General information and login attempts are logged here

FTP Transactions

/var/log/xferlog

In most cases this is a symbolic link to /usr/local/apache/domlogs/ftpxferlog, which contains a history of the transactions made by FTP users.

MySQL: General Information and Errors

/var/lib/mysql/$(hostname).err

This path could vary, but the file is generally located in /var/lib/mysql. It could also be located at /var/log/mysqld.log.

SBDavid

Using SFTP(Secure FTP) in Plesk


Secure FTP is more secure than FTP since it uses the SSH protocol. Shell access must be enabled for each Plesk user for each account.

In the setup page, select /bin/bash (chrooted) under "Shell access to server with FTP user’s credentials". This user will now be able to log in over SFTP. Remember to change the port in your FTP client. If you are sure you don’t want users to log in over standard FTP, you can also block the standard FTP port via the Firewall module in Plesk.

The following rules would apply:

Deny incoming from all on ports 21/tcp, 21/udp

You can further secure your FTP server if you have a static IP by allowing access only from that IP. If the static IP is 10.1.1.2 your rules would be:

Allow incoming from 10.1.1.2
Deny incoming from all others

SBDavid

Passive FTP Mode (PASV)

A mode for FTP connections in which connections are initiated from the client side. Using this mode may be helpful if a user is having problems connecting to an FTP server through a firewall.

PassivePortRange 35000 36000
