How to disable Pure-FTPD in CentminMod

Share this post to your friends !

SystemMen - How to disable Pure-FTPD in CentminMod? Pure-FTPD is a service that allows you to create an FTP account on the server.

This allows you to connect to the server via the FTP service. And you can upload or download data from the server to your computer easily.

Why should we disable the Pure-FTPD service?

If you don’t know, using the FTP service can increase the risk of your server.

There have been many attacks around the world and its goal is FTP service. If this service is attacked, it can allow hackers to download your data, upload dangerous malicious code.

Currently, an alternative safe solution is to transfer data via SFTP protocol. This is a protocol that allows you to transfer data (upload or download) via the SSH service port.

Data transmission through the SSH service port helps the data be encrypted. And that will make it difficult for hackers to sniff your data.

How to disable Pure-FTPD in CentminMod?

For more details, you can read this article from CentminMod.

To do this, there will be 2 ways.

For servers prepared (ie not installed) install CentminMod

When you download the centmin.sh (for version 0.8) script or betainstaller73.sh (for version 123.09beta01) to the server, look for the content line below.

PUREFTPD_DISABLED=n

And change it into.

PUREFTPD_DISABLED=y

So when you install CentminMod, it will not install Pure-FTPD service.

For servers that have installed CentminMod

how-to-disable-pure-ftpd-in-centminmod How to disable Pure-FTPD in CentminMod
Disable Pure-FTPD in CentminMod.

For servers that have installed CentminMod, we will do the following steps.

First, to avoid every time you create a vhost or a new WordPress website in CentminMod, it will usually ask you to create an FTP account. I don’t want this to happen the next time.

Open the file /etc/centminmod/custom_config.inc. Add the line below to this file and save changes.

PUREFTPD_DISABLED='y'

Next, we will stop the Pure-FTPD service. You type in the following 2 commands below.

service pure-ftpd stop
chkconfig pure-ftpd off

And finally, we change the CSF firewall so that it locks ports 20, 21.

You open the file /etc/csf/csf.conf.

Find the piece of content as below.

# Allow incoming TCP ports
TCP_IN = "20,21,222,25,53,80,110,143,161,443,465,587,993,995,1110,1186,1194,81,9418,30001:50011"

# Allow outgoing TCP ports
TCP_OUT = "8080,2525,465,1110,1194,9418,20,21,22,25,53,80,110,113,443,587,993,995"

# Allow incoming UDP ports
UDP_IN = "67,68,1110,33434:33534,20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "67,68,1110,33434:33534,20,21,53,113,123"

Delete numbers 20 and 21 both in 4 lines TCP_IN, TCP_OUT, UDP_IN, UDP_OUT. After deleting, it will look like this.

# Allow incoming TCP ports
TCP_IN = "222,25,53,80,110,143,161,443,465,587,993,995,1110,1186,1194,81,9418,30001:50011"

# Allow outgoing TCP ports
TCP_OUT = "8080,2525,465,1110,1194,9418,22,25,53,80,110,113,443,587,993,995"

# Allow incoming UDP ports
UDP_IN = "67,68,1110,33434:33534,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "67,68,1110,33434:33534,53,113,123"

And then, restart CSF firewall with below command.

csf -r

You can type the following command, noting the Chain INPUT (policy DROP) and Chain OUTPUT (policy DROP) sections to see if it still has ports 20, 21 in the rule table.

iptables -L -n

Conclusion

Disabling the Pure-FTPD service is actually quite necessary. It will make your server more secure. However, for those who are new (or unknown) ways to transfer data via SFTP protocol (going through SSH port), this can become a problem.

Therefore, you need to learn how to use WinSCP or FileZilla in combination with SFTP to upload or download data before disabling the Pure-FTPD service in the CentminMod server.

If you liked this article, then please subscribe to our YouTube Channel for more video tutorials. You can also find us on Twitter and Facebook.


Share this post to your friends !
If you appreciate what we share in this blog, you can support us by:
  1. Stay connected to: Facebook | Twitter | Google Plus | YouTube
  2. Subscribe email to recieve new posts from us: Sign up now.
  3. Start your own blog with SSD VPS - Free Let's Encrypt SSL ($2.5/month).
  4. Become a Supporter - Make a contribution via PayPal.
  5. Support us by purchasing Ribbon Lite Child theme being using on this website.

We are thankful for your support.

«« »»

Got something to say? Join the discussion

Please keep in mind that all comments are subject to our Comment Policy. Your email address will not be published.
This site uses Akismet to reduce spam. Learn how your comment data is processed.