
Must my FTP server's port be 21?

  1. Jun 24, 2006 #1
    I discontinued using an FTP server because of attempts to hack into it.

    After several months, maybe over a year, I have decided to try again. Is it possible to set it up to listen on some port besides 21? Are there any ports that should not or can not be used for an FTP server? What are valid port numbers (I assume something between 1 and 65536)?

    I don't think that in itself will stop the hack attempts but it might make some difference in that regard.

    I was using Cerberus' FTP server and the log periodically showed a log-in attempt from someone I did not specifically inform of my server. I had programmed Cerberus to immediately block the IP address after 1 unsuccessful login attempt. Not only that, but I set it to ban the whole range Z.Z.*.* if 1 unsuccessful attempt came from Z.Z.A.B (I guess thus banning about 65536 IP addresses). For a long time, there were no "repeat offenders" from the same IP address.

    This auto-banning feature seemed to work as I periodically got a second attempt from the same IP address but my log would say something like "ignoring log-in attempt from banned IP address." After that, no log-in attempts were made from the same IP address (though I realize it's not hard to scramble one's IP address at will).

    Then one day, my computer was running really slowly. I checked my task manager and Cerberus was using 100% of the CPU. I checked the log and it showed that someone had attempted to log in over 1000 times using the user name "administrator," and was still trying. I shut down Cerberus and maybe my whole computer. Then I took Cerberus offline permanently.

    Now I'm trying FileZilla Server. It doesn't seem to have all the options Cerberus had. I don't know, maybe I should try a newer version of Cerberus... I've apparently uninstalled it, so I don't know what version I was using.
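
The ban policy described in the post above (block the whole Z.Z.*.* range after one failed login), replayed over a log, as an added example that is not part of the original thread. The log format, the addresses and the function names are constructed for illustration; the second function shows the cost of the /16 ban for legitimate clients that share a range with a failed attempt.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log; this line format is hypothetical, not any server's real one.
SAMPLE_LOG = """\
2006-06-01 10:00:01 198.51.100.7 USER administrator LOGIN_FAILED
2006-06-01 10:00:05 198.51.100.7 USER administrator LOGIN_FAILED
2006-06-01 10:00:09 198.51.100.200 USER admin LOGIN_FAILED
2006-06-01 10:02:00 203.0.113.20 USER alice LOGIN_OK
2006-06-01 10:03:00 192.0.2.44 USER administrator LOGIN_FAILED
2006-06-01 10:03:02 192.0.2.45 USER administrator LOGIN_FAILED
"""
LINE_RE = re.compile(r"^\S+ \S+ (\S+) USER (\S+) (LOGIN_OK|LOGIN_FAILED)$")


def replay(log_text, max_failures=1, prefix_len=16):
    """Apply 'ban the whole /prefix_len after max_failures failed logins'."""
    failures = Counter()  # failed logins per source address
    banned = {}           # banned network -> address that triggered the ban
    ignored = Counter()   # attempts that arrived from an already banned network
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not login events
        src, _user, result = m.groups()
        addr = ipaddress.ip_address(src)
        # strict=False masks the host bits: 198.51.100.7/16 -> 198.51.0.0/16
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        if net in banned:
            ignored[net] += 1
            continue
        if result == "LOGIN_FAILED":
            failures[addr] += 1
            if failures[addr] >= max_failures:
                banned[net] = addr
    return banned, ignored


def locked_out(banned, known_good):
    """Return the known-good client addresses that fall inside a banned range."""
    return [a for a in known_good
            if any(ipaddress.ip_address(a) in net for net in banned)]


if __name__ == "__main__":
    banned, ignored = replay(SAMPLE_LOG)
    for net, trigger in banned.items():
        print(f"{net} banned ({net.num_addresses} addresses) after {trigger}; "
              f"{ignored[net]} later attempts ignored")
    print("legitimate clients locked out:",
          locked_out(banned, ["203.0.113.20", "192.0.2.200"]))
```
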
  3. Jun 24, 2006 #2
    Sure, your best way to really thwart most port attacks is to just change the ports to something really random.
    Are you using an active or passive FTP server?
    I have never run FileZilla as a server.
    I run proftp on an Ubuntu box and once I got it set up I haven't honestly had many problems.
    Are you allowing anonymous logins?
    Or only to people that you exclusively set up accounts for?
  4. Jun 24, 2006 #3
    Thanks for your reply.

    Do I have to be at all careful about what port I choose? Can I use 80, for example? What if that port is for something else?

    I didn't know Filezilla had anything other than an FTP client until today. They also have an FTP server.

    Anonymous logins are not allowed. When someone tries to log in anonymously, the response they get is something to the effect: "anonymous log-ins not allowed." They get that response before a password is asked for.

    When my former server from a year ago was set up, it was the same with anonymous log-ins. I had maybe five accounts set up with some permissions. Any user name besides those five should have had the response "invalid username," in my opinion, but when someone tried the username administrator, it actually asked for a password. administrator was not the username of any of the accounts I had set up.

    Just for drill, I'm going to try to tap in to my current server with certain usernames, like administrator, nobody, owner, etc., and see how the server responds.

    On my current server, there are two user accounts set up. In general, I'll see what happens when someone tries a username besides one of those two.

    I don't know how to determine if my server is passive or active. What is the difference? How do I determine if it's active or passive? Let me see...
    Ok, there are some settings called "passive mode settings." Here's what it says:

    The following information is also in a box on the side of that menu:
    I currently am on a wireless network behind a router (but I wasn't a year ago when they tried to hack in).
    Last edited by a moderator: May 2, 2017
  5. Jun 24, 2006 #4
    Ok, so the server seems to be responding the same way for any username I try. After entering a username, whether it be one on my list or not, it asks for a password. Then, unless I enter the right password for one of the two accounts I set up, it says something to the effect of "username or password incorrect."

    When I try "anonymous" and "nobody" it behaves the same way. It does not say "anonymous connections are not allowed."
  6. Jun 25, 2006 #5
    This doesn't answer your question, but you really should be using SFTP instead of FTP. Oh, and it's not like changing your port to some random number will help. He/she could easily port scan your router and see what's open.
    Last edited: Jun 25, 2006
  7. Jun 25, 2006 #6
    How do I do that?
  8. Jun 25, 2006 #7
    Do you already have an SSH server set up?
  9. Jun 25, 2006 #8

  10. Jun 25, 2006 #9
    Install OpenSSH on your machine. SSH uses port 22. What operating system do you use?
  11. Jun 25, 2006 #10
    A better alternative to FTP is WebDAV. If you have IIS then WebDAV is a safer option than FTP because it allows you to use Windows Authentication (for users with Windows or IE).
    Within IIS it's very easy to change the FTP port, but FTP is really not a safe option. SFTP would be better.
  12. Jun 28, 2006 #11
    Yeah, use SSH FTP; it has a stronger authentication method, and thus is relevant to this perceived problem you have.

    Beware though: if you set it up in a way that SSH is enabled per file transfer, not per session, your friends will have to authenticate numerous times.