SystemMen - How to disable Pure-FTPD in CentminMod?
Pure-FTPD is a service that allows you to create an FTP account on the server.
This lets you connect to the server over FTP and easily upload data to it or download data from it to your computer.
Why should we disable the Pure-FTPD service?
In case you did not know, running an FTP service increases the risk to your server.
Many attacks around the world have targeted FTP services. If this service is compromised, it can allow hackers to download your data or upload dangerous malicious code.
A safer alternative today is to transfer data over the SFTP protocol. This protocol lets you transfer data (upload or download) through the SSH service port.
Because the transfer goes through the SSH service port, the data is encrypted, which makes it difficult for hackers to sniff your data.
How to disable Pure-FTPD in CentminMod?
For more details, you can read this article from CentminMod.
There are 2 ways to do this.
For servers where CentminMod is not yet installed
After you download the centmin.sh script (for version 0.8) or betainstaller73.sh (for version 123.09beta01) to the server, look for the line below.
PUREFTPD_DISABLED=n
And change it to the following.
PUREFTPD_DISABLED=y
Then, when you install CentminMod, it will not install the Pure-FTPD service.
For servers that have installed CentminMod
For servers that already have CentminMod installed, follow the steps below.
First, CentminMod usually asks you to create an FTP account every time you create a vhost or a new WordPress website. I don’t want this to happen the next time.
Open the file /etc/centminmod/custom_config.inc. Add the line below to this file and save the changes.
PUREFTPD_DISABLED='y'
Next, we will stop the Pure-FTPD service. Type the following 2 commands.
service pure-ftpd stop
chkconfig pure-ftpd off
And finally, we change the CSF firewall so that it blocks ports 20 and 21.
Open the file /etc/csf/csf.conf.
Find the section shown below.
# Allow incoming TCP ports
TCP_IN = "20,21,222,25,53,80,110,143,161,443,465,587,993,995,1110,1186,1194,81,9418,30001:50011"

# Allow outgoing TCP ports
TCP_OUT = "8080,2525,465,1110,1194,9418,20,21,22,25,53,80,110,113,443,587,993,995"

# Allow incoming UDP ports
UDP_IN = "67,68,1110,33434:33534,20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "67,68,1110,33434:33534,20,21,53,113,123"
Delete the numbers 20 and 21 from all 4 lines: TCP_IN, TCP_OUT, UDP_IN and UDP_OUT. After deleting, it will look like this.
# Allow incoming TCP ports
TCP_IN = "222,25,53,80,110,143,161,443,465,587,993,995,1110,1186,1194,81,9418,30001:50011"

# Allow outgoing TCP ports
TCP_OUT = "8080,2525,465,1110,1194,9418,22,25,53,80,110,113,443,587,993,995"

# Allow incoming UDP ports
UDP_IN = "67,68,1110,33434:33534,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "67,68,1110,33434:33534,53,113,123"
Then restart the CSF firewall with the command below.
csf -r
You can then run the following command and check the Chain INPUT (policy DROP) and Chain OUTPUT (policy DROP) sections to see whether ports 20 and 21 still appear in the rule table.
iptables -L -n
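The csf.conf edit described above, as an added example that is not part of the original article and is not CentminMod or CSF code: it removes 20 and 21 only as whole list entries, so 222, 1110 and 30001:50011 stay intact, and it reports which of the four lists still contain them. The function names strip_ftp_ports and ftp_ports_remaining are made up for this example, and the script only prints the edited file; it writes nothing back.

```shell
#!/bin/sh
# Added example (not CentminMod or CSF code). Function names are hypothetical.
# Entries are compared whole, so 222, 1110 or 30001:50011 are left alone.
# Port ranges (for example 20:25) are not expanded.

# strip_ftp_ports FILE: print FILE with 20 and 21 removed from the four lists.
strip_ftp_ports() {
    awk -F'"' '
    /^(TCP_IN|TCP_OUT|UDP_IN|UDP_OUT)[ \t]*=/ && NF >= 3 {
        n = split($2, ports, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            if (ports[i] == "20" || ports[i] == "21") continue
            out = (out == "" ? ports[i] : out "," ports[i])
        }
        # rebuild the line around the filtered list, keeping any trailing text
        line = $1 "\"" out "\""
        for (i = 3; i <= NF; i++) line = line $i (i < NF ? "\"" : "")
        print line
        next
    }
    { print }' "$1"
}

# ftp_ports_remaining FILE: print the name of each list that still has 20 or 21.
ftp_ports_remaining() {
    awk -F'"' '
    /^(TCP_IN|TCP_OUT|UDP_IN|UDP_OUT)[ \t]*=/ {
        name = $1
        sub(/[ \t]*=.*/, "", name)
        n = split($2, ports, ",")
        for (i = 1; i <= n; i++)
            if (ports[i] == "20" || ports[i] == "21") { print name; break }
    }' "$1"
}

# Called with a config path: show what would change. Nothing is written back.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    ftp_ports_remaining "$1"
    strip_ftp_ports "$1" | diff "$1" - || true
fi
```

Run it with /etc/csf/csf.conf as the argument before editing to preview the change, and again after editing to confirm that it prints nothing.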
Conclusion
Disabling the Pure-FTPD service is actually quite necessary. It will make your server more secure. However, for those who are new to (or unfamiliar with) transferring data via the SFTP protocol (which goes through the SSH port), this can become a problem.
Therefore, you need to learn how to use WinSCP or FileZilla in combination with SFTP to upload or download data before disabling the Pure-FTPD service on the CentminMod server.