Must my FTP server's port be 21?

by phoenixthoth
Tags: port, server
phoenixthoth
#1
Jun24-06, 08:06 PM
P: 1,572
I discontinued using an FTP server because of attempts to hack into it.

After several months, maybe over a year, I have decided to try again. Is it possible to set it up to listen on some port besides 21? Are there any ports that should not or can not be used for an FTP server? What are valid port numbers (I assume something between 1 and 65536)?

I don't think that in itself will stop the hack attempts but it might make some difference in that regard.

I was using Cerberus FTP server and the log periodically showed a log-in attempt from someone I did not specifically inform of my server. I had programmed Cerberus to immediately block the IP address after 1 unsuccessful login attempt. Not only that, but I set it to ban the whole range Z.Z.*.* if 1 unsuccessful attempt came from Z.Z.A.B (I guess thus banning about 65536 IP addresses). For a long time, there were no "repeat offenders" from the same IP address.

This auto-banning feature seemed to work as I periodically got a second attempt from the same ip address but my log would say something like "ignoring log-in attempt from banned ip address." After that, no log-in attempts were made from the same ip address (though I realize it's not hard to scramble one's ip address at will).

Then one day, my computer was running really slowly. I checked my task manager and Cerberus was using 100% of the CPU. I checked the log and it showed that someone had attempted to log in over 1000 times using the user name "administrator," and was still trying. I shut down Cerberus and maybe my whole computer. Then I took Cerberus offline permanently.

Now I'm trying FileZilla Server. It doesn't seem to have all the options Cerberus had. I don't know, maybe I should try a newer version of Cerberus... I've apparently uninstalled it, so I don't know what version I was using.
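
The auto-ban scheme described in the post above, replayed over a constructed log as an added example (not part of the original thread and not any FTP server's own code). The log line format, the `process` function and its threshold and window parameters are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not a real server's.
SAMPLE_LOG = """\
2006-06-24 20:00:01 198.51.100.7 USER administrator LOGIN_FAILED
2006-06-24 20:00:02 198.51.100.7 USER administrator LOGIN_FAILED
2006-06-24 20:00:03 198.51.100.7 USER administrator LOGIN_FAILED
2006-06-24 20:00:04 198.51.100.99 USER administrator LOGIN_FAILED
2006-06-24 20:05:00 203.0.113.5 USER alice LOGIN_FAILED
2006-06-24 20:05:30 203.0.113.5 USER alice LOGIN_OK
"""

LINE = re.compile(r"^(\S+ \S+) (\S+) USER (\S+) (LOGIN_FAILED|LOGIN_OK)$")


def process(log_text, max_failures=3, window=timedelta(minutes=10), prefix=16):
    """Replay a log; return (banned_networks, ignored_attempts)."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    banned = []                    # networks banned so far
    ignored = 0                    # attempts dropped because the source is banned
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        # Banned sources are dropped before any login handling happens.
        if any(ip in net for net in banned):
            ignored += 1
            continue
        if m.group(4) == "LOGIN_OK":
            failures.pop(ip, None)  # a success clears the failure history
            continue
        recent = failures[ip]
        recent.append(when)
        while recent and when - recent[0] > window:
            recent.popleft()       # forget failures older than the window
        if len(recent) >= max_failures:
            # Widen the ban to the whole /prefix network (Z.Z.*.* for 16).
            banned.append(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
            del failures[ip]
    return banned, ignored
```

With `max_failures=1`, the setting the post describes, the same log bans two /16 networks, and the later successful login from 203.0.113.5 is ignored because its one earlier failure already banned that range.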
Shawnzyoo
#2
Jun24-06, 10:18 PM
P: 105
sure your best way to really thwart most port attacks is to just change the ports to something really random
are you using an active or passive ftp server?
i have never run filezilla as a server
i run proftp on an ubuntu box and once i got it set up i haven't honestly had many problems
are you allowing anonymous logins?
or only to people that you exclusively set up accounts for?
--shawn
phoenixthoth
#3
Jun24-06, 11:42 PM
P: 1,572
Quote by Shawnzyoo:
sure your best way to really thwart most port attacks is to just change the ports to something really random
are you using an active or passive ftp server?
i have never run filezilla as a server
i run proftp on an ubuntu box and once i got it set up i haven't honestly had many problems
are you allowing anonymous logins?
or only to people that you exclusively set up accounts for?
--shawn
Thanks for your reply.

Do I have to be at all careful about what port I choose? Can I use 80, for example? What if that port is for something else?

I didn't know Filezilla had anything other than an FTP client until today. They also have an FTP server.

Anonymous logins are not allowed. When someone tries to log in anonymously, the response they get is something to the effect: "anonymous log-ins not allowed." They get that response before a password is asked for.

When my former server from a year ago was set up, it was the same with anonymous log-ins. I had maybe five accounts set up with some permissions. Any user name besides those five should have had the response "invalid username," in my opinion, but when someone tried the username administrator, it actually asked for a password. administrator was not the username of any of the accounts I had set up.

Just for drill, I'm going to try to tap in to my current server with certain usernames, like administrator, nobody, owner, etc., and see how the server responds.

On my current server, there are two user accounts set up. In general, I'll see what happens when someone tries a username besides one of those two.

I don't know how to determine if my server is passive or active. What is the difference? How do I determine if it's active or passive? Let me see...
Ok, there are some settings called "passive mode settings." Here's what it says:

External Server IP Address for passive mode transfers:
Default [this is currently selected]
Use the following IP: [grayed out entry form]
You can also enter hostnames:
Retreive external IP address from: [grayed out: http://filezilla.sourceforge.net/mis...]

Information for users with dynamic IPs: If your external IP changes, it might take up to 5 minutes after the next failed transfer until Filezilla Server recognizes the changed IP.
In most cases, the IP is updated within 30s after a failed transfer.

Don't use external IP for local connections [checked]
Use custom port range: [unchecked]
[grayed out--0] - [grayed out--0] (1-65535)
The following information is also in a box on the side of that menu:
Use custom PASV settings if you are operating the server from behind a NAT router or a firewall. In that case, the IP address of the server is not accessible from outside of the router, so you should fill in the correct address here. Use the port range to limit the number of ports that will need to be forwarded through the router.
I currently am on a wireless network behind a router (but I wasn't a year ago when they tried to hack in).

phoenixthoth
#4
Jun24-06, 11:47 PM
P: 1,572
Ok, so the server seems to be responding the same way for any username I try. After entering a username, whether it be one on my list or not, it asks for a password. Then, unless I enter the right password for one of the two accounts I set up, it says something to the effect of "username or password incorrect."

When I try "anonymous" and "nobody" it behaves the same way. It does not say "anonymous connections are not allowed."
Tony11235
#5
Jun25-06, 10:21 AM
P: 276
This doesn't answer your question, but you really should be using sftp instead of ftp. Oh and it's not like changing your port to some random number will help. He/she could easily port scan your router and see what's open.
phoenixthoth
#6
Jun25-06, 04:13 PM
P: 1,572
Quote by Tony11235:
This doesn't answer your question, but you really should be using sftp instead of ftp. Oh and it's not like changing your port to some random number will help. He/she could easily port scan your router and see what's open.
How do I do that?
Tony11235
#7
Jun25-06, 04:52 PM
P: 276
Quote by phoenixthoth:
How do I do that?
Do you already have an ssh server setup?
phoenixthoth
#8
Jun25-06, 04:59 PM
P: 1,572
Quote by Tony11235:
Do you already have an ssh server setup?
No.


.......
Tony11235
#9
Jun25-06, 05:18 PM
P: 276
Install openssh on your machine. ssh uses port 22. What operating system do you use?
-Job-
#10
Jun25-06, 05:22 PM
Sci Advisor
P: 1,132
A better alternative to FTP is WebDAV. If you have IIS then WebDAV is a safer option than FTP because it allows you to use Windows Authentication (for users with Windows or IE).
Within IIS it's very easy to change the FTP port, but FTP is really not a safe option. SFTP would be better.
Anttech
#11
Jun28-06, 05:55 AM
P: 1,401
"but you really should be using sftp instead of ftp"
Yeh use ssh ftp, it has a stronger authentication method, thus is relevant to this perceived problem you have.

Beware tho.. If you set it up in a way that ssh is enabled per file xfer not session, your friends will have to authenticate numerous times..

