"The mind of a Mad Tech!"

If you use cPanel, Plesk or any Linux control panel or Distro, you may notice that your Proftpd connection is either slow or takes some time before it becomes responsive. This is likely due to the Proftpd instance doing a Reverse DNS Lookup and it is having issues doing so. However it is possible to disable this option to help speed up the negotiation. This will not help with slow upload speeds if you have a slow upstream however, please make a note of this.

To disable the DNS Lookups you need to do the following;

1. Log into the server that is running Proftpd. You will need to do so by using SSH.

2. Once you have logged into the server you will now need to edit the Proftpd configuration file. This is called the Proftpd.conf file. You can simply type the following to do so;

“vi /etc/proftpd.conf”

Please note this is the default Proftpd configuration location. If your’s is in a different directory, you will need to adjust the command to your location. In this example we are using VI to make the changes. You are free to also use either Nano or Pico, which ever you feel comfortable using.

3. Once you are in the file, you will need to look for the following lines;

“IdentLookups on”
“UseReverseDNS on”

You will need to turn off the lookup by changing them to the following;

“IdentLookups off”
“UseReverseDNS off”

4. Once you make the changes, save the file. You will then need to restart the proftpd instance.

5. You then will need to restart Proftp. Take note, if you are using Plesk you will need to restart the xinetd service as Proftp runs under this service.

To restart in Plesk, type “service xinetd restart”

To restart in everything else, type /etc/init.d/proftpd restart or service proftpd restart

Tags: dns lookup, Proftpd

By default, Filezilla Server does not support FTP via SFTP. However if can use SSL / TLS, commonly referred to as FTPS .  It’s also a breeze to enable this in the Filezilla FTP Server Configuration. To do this, you simply have to do the following:

1.Access the Filezilla FTP server’s settings by going to Edit -> Settings.

2. Once in the Settings section, you will need to scroll down to the SSL / TLS settings section.

3.  Here you will need to check the “Enable FTP over SSL / TLS support (FTPS). Once you do this, the option to “Allow explicit FTP over TLS will be come available and Disallow plain unencrypted FTP” and “Force PROT P to encrypt file transfers in SSL/TLS mode. Be sure to check both.

4. Now you will need to click on the button “Generate new certificate..”. Once you do this, you will be presented with the following screen;

5. Be sure to check check either 1024 bit, 2048 bit or 4096 bit. Since this is a self signed SSL, you can choose 4096 bit.  Now you will need to fill out the rest of he required sections. Once you completed this, be sure to specify a valid location to save the key and certificate to. Once you have, click “Generate certificate”.

6. Filezilla server will now be setup to only use FTPS/FTPSE and will reject any FTP connections over port 21. Your new port will be 990. If you try to use conventional ftp to access the server, you may receive the error that you have to use explicit SSL / TLS before logging in.

7. You will now need to specify port 990 in order to log into the ftp server. Upon logging in, you will need to accept the SSL for the server now. You will have the option as well to always trust the certificate for future sessions.

You have now secured Filezilla FTP server for use with only a FTPS connection. If at any time you wish to remove the SSL from the connection, simply log back into the FTP server and goto the SSL / TLS settings section and uncheck the “Enable FTP over SSL / TLS support (FTPS)” option.

Tags: FileZilla, FTP, SFTP, SSL

Plesk for Linux, by default only allows one ftp users (While it does let you add multiple web users, they are locked to the same directory as the main ftp user). However you can get around this limitation by creating additional FTP users by creating them outside of Plesk, using SSH / Shell. The process is fairly simple as well and you can setup any directory structure that you want the new user to connect to, even for adding ftp access behind the root of a web directory if you like.

To do this, we simply need to do the following;

*Prior to doing this, make sure you already have an existing ftp user in place, as you will need their ID#

1. Log into your Linux server (Only applies to a dedicated server, colo server or virtual server – VPS).

2. Once you have logged in, you need to find an ID of an existing FTP user. To do this, simply type the following:

$id user     (user is the name of the existing ftp user)

3. If you have the user, you will be given an output that looks like this;

# uid=10002(user) gid=2524(psacln) groups=2524(psacln)

4. Take the uid number as you will need this to setup the new user.

5. Now, create the new user by using this command. Also with this command, you can set the directory you want them to have access to.;

/usr/sbin/useradd -u 10002 -o -d /var/www/vhosts/example.com/custom_folder -g psacln -s /bin/false newuser    (newuser is the name if the new account)

6. The new user has been created. Now you have to assign a password to it. To do this, type the following *make sure the password is not the same as the main Plesk ftp account*;

$passwd newuser password (Change password to the password you want to assign to the user)

7. It will then ask for you to confirm the password, type the password again. If done correctly, you will get the following message;

passwd: all authentication tokens updated successfully.

That’s it, the ftp user has been created. If you ever want to remove the user, you have to do it via command line as Plesk will not sure the user. To do this, simply type the following;

$/usr/sbin/userdel username

Tags: additional user, FTP, Plesk

1. SSH to the server that has VsFTP, and SU to it.
2. Edit file /etc/vsftpd/vsftpd.conf, find line
anonymous_enable=YES
change to
anonymous_enable=NO
3. Do /sbin/service vsftpd restart
4. Try to ftp to domain or IP without providing a user/password. Access will be rejected.

Anonymous FTP has been rejected!

Tags: anonymous ftp, disable, vsftp

If you are running vsftpd in standalone mode (not Xinetd), add the “listen_port” directive in vsftpd.conf,like this:

listen_port=222

If you are running vsftpd from an inetd or xinetd program, this becomes an inetd or xinetd problem. You must change the inetd or xinetd configuration files (perhaps /etc/inetd.conf or /etc/xinetd.d/vsftpd).

Tags: listen port, vsftp