[BlueOnyx:23043] Re: CushyCMS and ProFTPD
Michael Stauber
mstauber at blueonyx.it
Tue Jul 30 12:19:44 -05 2019
Hi Ken,
> Given the timeframe, I am wondering if this is related to the recent
> update to ProFTPD. I am seeing a bunch of zero second connections from
> the CushyCMS IP address and in ban.log I am seeing that IP address
> getting banned due to excessive client connection rate. I have not
> edited those settings, it appears that >30 connections in 60 seconds
> will get the IP banned for 1 hour. This only seems to have started
> happening in the past week or so, but as near as I can determine, the
> mod_ban configuration is not new, I don’t think the recent update
> changed it.

What's different is that the new ProFTPd has mod_ban and mod_geoip
activated by default. In your case it's most likely mod_ban that is
causing the issues.

In both /etc/proftpd.conf and /etc/proftpds.conf you have that in this
section:

    # mod_ban configuration:
    <IfModule mod_ban.c>
    BanEngine on
    BanLog /var/log/proftpd/ban.log
    BanTable /var/log/proftpd/ban.tab
    BanOnEvent MaxLoginAttempts 30/00:10:00 00:30:00
    BanOnEvent ClientConnectRate 30/00:01:00 01:00:00
    BanControlsACLs all allow group wheel
    </IfModule>

I stripped out the comments in this email as they would line wrap. Just
comment out this section in /etc/proftpd.conf and /etc/proftpds.conf by
putting a "#" at the beginning of each line of that block and restart
xinetd:

    service xinetd restart

...or...

    systemctl restart xinetd

Then see if that helps.

--
With best regards
Michael Stauber
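
The edit described in the reply above, as an added example that is not part of the original post: a shell function that comments out the active mod_ban block in one config file and keeps a .bak copy. The function names and the sample file (including its ServerName and DefaultRoot filler lines) are constructed for illustration.

```shell
#!/bin/sh
# Comment out the active <IfModule mod_ban.c> block in a ProFTPD config file.
comment_out_mod_ban() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Inside the block, prefix "#" to every line that is not already a comment.
    # A commented "#<IfModule mod_ban.c>" does not start the range, so a second
    # run changes nothing. Assumes no nested <IfModule> inside the block.
    sed '/^[[:space:]]*<IfModule mod_ban\.c>/,/^[[:space:]]*<\/IfModule>/{
/^[[:space:]]*#/!s/^/#/
}' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"
        echo "$conf: no active mod_ban block, nothing changed"
        return 0
    fi
    cp -p "$conf" "$conf.bak" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf"   # overwrite in place: keeps owner and mode
    rm -f "$tmp"
    echo "$conf: mod_ban block commented out, backup in $conf.bak"
}

# Constructed sample: the block quoted in the post between two other directives.
write_sample_conf() {
    cat > "$1" <<'EOF'
ServerName "ProFTPD"
# mod_ban configuration:
<IfModule mod_ban.c>
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/log/proftpd/ban.tab
BanOnEvent MaxLoginAttempts 30/00:10:00 00:30:00
BanOnEvent ClientConnectRate 30/00:01:00 01:00:00
BanControlsACLs all allow group wheel
</IfModule>
DefaultRoot ~
EOF
}

if [ "$#" -gt 0 ]; then
    for f in "$@"; do comment_out_mod_ban "$f"; done
else
    sample=$(mktemp)
    write_sample_conf "$sample"
    comment_out_mod_ban "$sample"
    cat "$sample"
    rm -f "$sample" "$sample.bak"
fi
```

Called with the two file paths from the post as arguments it edits those files; with no arguments it only runs on the constructed sample. The xinetd restart from the post is still a separate step.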