First, you need to determine which FTP server you are using.  From command line, you can do this simple command:

grep ftpserver /var/cpanel/cpanel.config

This will come back with one of the following 2 results

ftpserver=proftpd
ftpserver=pure-ftpd

To make custom changes to Pure-FTP, use the following.

• Remove the cache file by typing the following command
  • rm -f /var/cpanel/conf/pureftpd/main.cache
• Next, edit the main configuration file with your favorite text editor.  The file path is /var/cpanel/conf/pureftpd/main
• Add or edit your custom settings for the FTP server and save the file
• To apply the changes, you need to force an update of the FTP server with the following:
  • /scripts/setupftpserver pure-ftpd --force

To make custom changes to ProFTP, use the following:

• Remove the cache file by typing the following command
  • rm -f /var/cpanel/conf/proftpd/main.cache
• Next, edit the main configuration file with your favorite text editor.  The file path is /var/cpanel/conf/proftpd/main
• Add or edit your custom settings for the FTP server and save the file
• To apply the changes, you need to force an update of the FTP server with the following:
  • /scripts/setupftpserver proftpd --force

Now that you have properly made your custom changes, they should not be overwritten by cPanel any more.

The post Custom changes to the FTP server in cPanel are not saving first appeared on Server Sitters.

root@cpanel [/var/run]# /scripts/restartsrv_ftpd
Waiting for “pureftpd” to restart ………warn [restartsrv_pureftpd] The ‘pureftpd’ service’s PID file ‘/var/run/pure-ftpd.pid’ did not appear after 10 seconds.

…Waiting for pure-ftpd,pure-authd to shutdown ….. terminated.
warn [restartsrv_pureftpd] The ‘pureftpd’ service’s PID file ‘/var/run/pure-ftpd.pid’ did not appear after 10 seconds.

…warn [restartsrv_pureftpd] The ‘pureftpd’ service’s PID file ‘/var/run/pure-ftpd.pid’ did not appear after 10 seconds.

…failed.

Service Error
(XID h8w4gj) The “pureftpd” service failed to start.

Startup Log
Apr 05 13:58:03 cpanel.server.com systemd[1]: Started Pure-FTPd.
Apr 05 13:58:03 cpanel.server.com systemd[1]: Starting Pure-FTPd…

pureftpd has failed. Contact your system administrator if the service does not automagically recover.

Check in /etc/pure-ftpd.conf for this line:

CallUploadScript yes

Try commenting it out, and restarting pure-ftpd.  If pure-ftpd was not compiled with pure-uploadscript service, then having this option enabled will break pure-ftpd

The post cPanel PureFTPD won’t start first appeared on Server Sitters.

1. Using the wrong username and password
2. Corrupted password database

First, the most common reason, is user error.

• They enter the wrong username.  Either they are putting in @theirdomain.com with they don’t need it, or they are not putting in @theirdomain.com when they do.  If they are trying to login using their cpanel username, they need to make sure they are not including @theirdomain.com in the username.  If they are trying to connect using an additional FTP username they created in their cPanel, then they need to make sure they ARE using @theirdomain.com in their username
• They are entering their password wrong.  Either they have the wrong password, or they are trying to copy and paste the password incorrectly.  When copy and pasting a password, customers have often unknowingly grabbed a whitespace before or after the password.  The best way to determine if this is the case is have them paste the password somewhere they can see it like in notepad, and check to see if it’s pasting a space.

The 2nd most common reason is a corrupt password database.  This is not quite as common as the last reasons, but we have seen this happen a number of times over the years.  Typically, this happens after a cPanel update, or an FTP server update.  Bellow are some of the ways we have found to correct this.

• Switch FTP servers in the WHM, then switch back.  Simply switching to Proftpd to Pure-ftpd will force the passwords to re-synchronize, which rebuids the FTP password database
• Synchronize the passwords from the WHM. in the WHM, click on “Synchronize FTP Passwords”.  This will also re-sync the passwords, which will also rebuild the FTP password database.
• Simply reset the password.  If you reset the password to match what the password should have been, that should correct the issue.  However, they will only help out the one customer you are working with.  So if this is affecting multiple users, then one of the other 2 options above would be a more ideal solution.

The post How to fix 530 Login authentication failed in Pure-FTP on cPanel first appeared on Server Sitters.

UseReverseDNS off
IdentLookups off

Once you have made the change, simply restart PureFTPD on your server, and incoming connections should be quicker.

The post Quick tip: Help speed up PureFTPD first appeared on Server Sitters.

Access Log
In this log, you will find what users are accessing, the timestamp when they accessed a page, IP address, and much more information. This is a great log that is filled with a lot of information, and it can also be very helpful.

/usr/local/cpanel/logs/access_log

123.123.123.123 – user@userswebsite.com [01/23/2015:22:53:10 -0000] “GET /cpsess5845664796/3rdparty/squirrelmail/src/right_main.php?mailbox=INBOX&startMessage=1&mail_sent=yes HTTP/1.1” 200 0 “https://host.myserver.com::2096/cpsess5845664796/3rdparty/squirrelmail/src/compose.php?passed_id=133690&mailbox=INBOX&startMessage=1&passed_ent_id=0” “Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko” “-”
123.123.123.123 – user@userswebsite.com [01/23/2015:22:53:10 -0000] “POST /cpsess5845664796/3rdparty/squirrelmail/src/compose.php HTTP/1.1” 302 0 “https://host.myserver.com:2096/cpsess5845664796/3rdparty/squirrelmail/src/compose.php?passed_id=133690&mailbox=INBOX&startMessage=1&passed_ent_id=0” “Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko” “-”

Accounts Audit Log
In this log, you can see the account changes that have been made on the server.

/var/cpanel/accounting.log

Thu Oct 23 07:18:21 2014:REMOVE:root:root:website1.com:website1
Fri Nov 21 13:34:43 2014:CREATE:root:root:website2.com:123.123.123.123:website2
Tue Dec 23 07:02:04 2014:REMOVE:root:root:website3.com:website3
Tue Jan 13 15:20:47 2014:DELRESELLER:root:root:website3.com:website3

Account Bandwidth Usage
Here you can see account usage, history, and many other things, based on the domain you want to check. For this one, you will need to an application that is able to open .rrd files as that is how this information is saved.

/var/cpanel/bandwidth/$domain

Backup Log
In this log, it will have the information of if an account was successfully backed up, and when.

/usr/local/cpanel/logs/cpbackup/$backup.log

[2015-01-14 19:07:28 -0700] Creating Archive ………………………………………………………….
[2015-01-14 19:07:28 -0700] Copying shell……
[2015-01-14 19:07:28 -0700] Done
[2015-01-14 19:07:28 -0700] Copying password…….
[2015-01-14 19:07:28 -0700] Done
[2015-01-14 19:07:28 -0700] Storing SSL domain……
[2015-01-14 19:07:28 -0700] Done

Brute Force Protection Log
In this log, you can check to see if an IP was blocked in cPHulkd, why it was blocked, the IP address, and more information.

/usr/local/cpanel/logs/cphulkd.log

Thu Jun 6 08:05:08 2013 [info] Connection service=mail ip=123.123.123.123 port= user=mail@website1.com blocked by cphulkd (IP Address listed as brute)
Thu Jun 6 16:20:27 2013 [info] Connection service=system ip=213.213.213.213 port= user=website2 blocked by cphulkd (IP Address newly listed as brute numfailed=5 max=5 reason=max_failures_byip)
Fri Jun 7 10:29:05 2013 [info] Connection service=mail ip=132.132.132.132 port= user=mail@website2.com blocked by cphulkd (IP Address newly listed as brute numfailed=5 max=5 reason=max_failures_byip)

cPanel Error Log
In this log, you can find the reason of the errors that were shown in cPanel interfaces.

/usr/local/cpanel/logs/error_log

main::_parse_auto_template(‘/usr/local/cpanel/base/frontend/paper_lantern/index.auto.tmpl’) called at cpanel.pl line 5347
main::run_standard_mode() called at cpanel.pl line 827
[2015-01-22 18:13:53 -0700] warn [Branding::applist] Encountered error in Branding::applist: No such file or directory
Duplicate logaccess: at /usr/local/cpanel/Cpanel/Server.pm line 421, <GEN15986> line 2.
Cpanel::Server::logaccess(Cpanel::Server=HASH(0x31dfe40)) called at cpsrvd.pl line 3385
cpanel::cpsrvd::logaccess() called at cpsrvd.pl line 3054
cpanel::cpsrvd::servcontent(“./robots.txt”, “text/plain”, 1, 0, 1, 1, 0) called at cpsrvd.pl line 4684
cpanel::cpsrvd::handle_unprotected_docs() called at cpsrvd.pl line 1206
cpanel::cpsrvd::handle_one_connection() called at cpsrvd.pl line 1101
cpanel::cpsrvd::script() called at cpsrvd.pl line 430

cPanel Fatal Error Log
In this log, you can find the reason why cPanel services have crashed, and the time.

/usr/local/cpanel/logs/panic_log

scripts::register_appconfig::run() called at /usr/local/cpanel/bin/register_appconfig line 15
2014-11-25 06:05:01 -0500 invalid [dnsadmin] Invalid lockfile /var/cpanel/clusterqueue/status/local.lock detected (zero size) [UID]: 0 [MTIME]: 1416913499 [ORIGINAL INODE]: 144078 [TESTED INODE]: 144078 at /usr/local/cpanel/Cpanel/Debug.pm line 34
Cpanel::Debug::log_invalid(‘Invalid lockfile /var/cpanel/clusterqueue/status/local.lock detected (zero size) [UID]: 0 [MTIME]: 1416913499 [ORIGINAL INODE]: 144078 [TESTED INODE]: 144078’) called at /usr/local/cpanel/Cpanel/SafeFile.pm line 411

cPanel Installation Log
In this log, you can see the cPanel installation log

/var/log/cpanel-install.log

2014-07-03 20:43:15 220 (DEBUG): – ssystem [BEGIN]: /sbin/chkconfig –level 35 mysql on
2014-07-03 20:43:15 220 (DEBUG): – ssystem [END]
2014-07-03 20:43:15 219 ( INFO): – Enabling sshd
2014-07-03 20:43:15 220 (DEBUG): – ssystem [BEGIN]: /sbin/chkconfig –level 35 sshd on
2014-07-03 20:43:15 220 (DEBUG): – ssystem [END]
2014-07-03 20:43:15 1755 ( INFO): Enabling cphulkd …
2014-07-03 20:43:15 1762 ( INFO): Done
2014-07-03 20:43:15 236 ( INFO): cPanel install finished in 99 minutes and 41 seconds!

cPanel License Update Log
This log contains information when license was updated, and if there were any issues.

/usr/local/cpanel/logs/license_log

Thu Jan 22 20:06:33 2015: Trying server 208.74.121.85
Thu Jan 22 20:06:34 2015: Server 208.74.121.85 on port 2089 returned:
Key Accepted
Key Follows
Thu Jan 22 20:06:34 2015: Obtained lock license file
Thu Jan 22 20:06:34 2015: Accepted license from server 208.74.121.85 on port 2089
Thu Jan 22 20:06:34 2015: License update succeeded after trying 1 server

cPanel Update Log
This is where you can find logs of the cPanel updates that have occurred.

/var/cpanel/updatelogs/

[20150122.043102] Running /usr/local/cpanel/scripts/postupcp
[20150122.043102] Running Standardized hooks
[20150122.043102] 100% complete
[20150122.043102] cPanel update completed
[20150122.043102] A log of this update is available at /var/cpanel/updatelogs/update.1421918761.log
[20150122.043102] Removing upcp pidfile
[20150122.043102] Completed all updates
=> Log closed Thu Jan 22 04:31:02 2015

EasyApache Installation Log
Here is where you will find the Apache rebuild logs, including times, errors, any much more information!

/usr/local/cpanel/logs/easy/apache/$buildlog

You can change how PHP is configured.
As root, simply execute:
/usr/local/cpanel/bin/rebuild_phpconf –help
for more information.
!! Build Complete! !!
!! Verbose logfile is at ‘/usr/local/cpanel/logs/easy/apache/build.1415291814’ !!

Login Failures on All Services
Here is where you will find all the login failures, including the time, IP address , of a user who was unable to login to cPanel/Webmail services, and some more related information.

/usr/local/cpanel/logs/login_log

12.12.12.123 – user@website1.com [12/23/2014:08:23:35 -0000] “GET /cpsess84654867962/3rdparty/roundcube/?_task=mail&_refresh=1&_mbox=INBOX HTTP/1.1” FAILED LOGIN webmaild: cookie ip check: IP address has changed
23.23.32.23 – user2 [12/30/2014:11:08:51 -0000] “POST /login/?login_only=1 HTTP/1.1” FAILED LOGIN cpaneld:
invalid user name specified
123.123.123.12 – user2 [01/13/2015:21:04:17 -0000] “GET /scripts/ HTTP/1.0” FAILED LOGIN whostmgrd: user password incorrect
45.45.45.45 – user3 [01/20/2015:22:00:13 -0000] “GET //user3/listaccts?api.version=1 HTTP/1.1” FAILED LOGIN whostmgrd: user password incorrect
145.145.145.145 – user4 [01/23/2015:22:10:27 -0000] “GET / HTTP/1.1” DEFERRED LOGIN cpaneld: security token missing

Service Status Log
This log contains information regarding services and when their information. This log runs on an timed interval.

/var/log/chkservd.log

[2015-01-23 14:55:52 -0700] Disk check …. /tmp (/var/tmp) [82%] … /dev/mapper/vg_nintendo-lv_root (/) [82%] … /dev/mapper/vg_nintendo-lv_home (/home) [26%] … /dev/sda1 (/boot) [13%] … /dev/sdb1 (/backup) [33%] … {status:ok} … Done
Loading services …..clamd….cpanellogd….cpsrvd….exim-26,587….ftpd….imap….lfd….named….queueprocd..Done
Service Check Started
Service Check Finished

Tailwatch Daemon Log
In this log, you will find information related to Tailwatch daemon, or errors related to Tailwatch daemon’s working.

/usr/local/cpanel/logs/tailwatchd_log

[7067] [2015-01-23 16:01:30 -0500] [Cpanel::TailWatch] [INFO] Flushing all readers
[7067] [2015-01-23 16:38:04 -0500] [Cpanel::TailWatch] [INFO] tailwatch saving positions and reloading configuration on SIG

WebDisk Log
This is the WebDisk Error log, and it contains all of the logs related to WebDisk

/usr/local/cpanel/logs/cpdavd_error_log

Starting PID 25523: cpdavd – accepting connections on 2077 and 2078
Starting PID 5977: cpdavd – accepting connections on 2077 and 2078
Starting PID 2103: cpdavd – accepting connections on 2077 and 2078
Starting PID 28598: cpdavd – accepting connections on 2077 and 2078
Starting PID 18060: cpdavd – accepting connections on 2077 and 2078
Starting PID 7126: cpdavd – accepting connections on 2077 and 2078

Web Statistics Update Log
In this log, you can check if logs were processed for a user, you can check the last reported Disk Usage, if the statistics for the account was updated, and more information regarding the statistics for the account.

/usr/local/cpanel/logs/stats_log

[2015-01-23 06:07:13 -0500] Process bandwidth for user1
[2015-01-23 07:23:53 -0500] Disk Usage for user1 on /dev/sda8 (94096/5120000)
[2015-01-23 07:23:53 -0500] Archive Status for user1: 1
[2015-01-23 07:23:53 -0500] Processing user1, fork() required to drop privs with (domains:1 domains)
[2015-01-23 07:23:53 -0500] [setuid] user1 (uid=708,gid=708)

The post cPanel/WHM logs and locations first appeared on Server Sitters.

Pure-FTP

• SSH to the server as root (or another user, then su to root)
• vi /etc/pure-ftpd.conf
• Uncomment the following line
  • # PassivePortRange          30000 50000
• I will typically change the range to something lower though.  change 50000 to 35000.  This will enable 5,000 ports instead of 20,000 ports
• Save the file and restart pure-ftpd

Proftpd

• SSH to the server as root (or another user, then su to root)
• vi /etc/proftpd.conf
• Add the following line to the first section of the configuration file:
  • PassivePortRange 30000 35000
• Save the file, then restart proftpd

NOTE:

If you have a very busy server in regards to FTP, then you should indeed enable more ports, and perhaps go with the 20,000 ports (ie: 30000 – 50000)

If you have CSF installed, then you’ll also need to enable these ports in CSF.  I’ll list those steps bellow:

Enable ports in CSF Firewall

• SSH to the server as root (or another user, then su to root)
• vi /etc/csf/csf.conf
• Search for the line that starts with TCP_IN =
  • At the end of this line (inside of the quotation marks)  add this
  • 30000:35000
• Save the file
• Flush and restart CSF
  • csf -f
  • csf -r

The 30000:35000 means that it will allow ALL ports between 30000 and 35000 through the firewall.

The post How to enable Passive FTP mode on cPanel first appeared on Server Sitters.

• SSH to the server as root
• Edit the proftpd.conf file. ( vi /etc/proftpd.conf )
• Add or edit the following line anywhere within the [Global] section:
  • PassivePorts 49152 52152
• Save the file and restart FTP on the server

If you are using the firewall built into Plesk, then you need to add the following rule to the firewall:

• Login to the Plesk admin page
• Click on Modules > Firewall > Edit Firewall Configuration
• Click Add Custom Rule
  • Rule name: Passive FTP
  • Direction: select Incoming.
  • Action: select Allow.
  • Ports: in the Add port input box, enter the value 49152-52152.
  • Leave the TCP option selected, and click Add.
• Click Ok
• Click Activate, and then click Activate again.

This will now allow your customers to use Passive FTP mode in their FTP clients.

The post How to enable Passive FTP mode on Plesk in Linux first appeared on Server Sitters.

#
# end
#


If this method doesn’t work you can also use iptables. However, this is only a valid option if you are implementing this feature server-wide. To block all inbound access via ftp use the following:

iptables -I INPUT -i eth0 --protocol tcp --dport 21 -j DROP;


Then to add an IP for access use:

iptables -I INPUT -i eth0 -s $IP --protocol tcp --dport 21 -j ACCEPT;


The post Restrict FTP access by IP first appeared on Server Sitters.