Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 14th April 2007, 02:06
JaJunk JaJunk is offline
Junior Member
 
Join Date: Jan 2006
Posts: 23
Thanks: 1
Thanked 3 Times in 3 Posts
Default Proftpd stops and general install question

First off, many thanks to Till, Falko and everyone else who made such a great program. I've installed ISPConfig on so many computers to replace MS servers and couldn't be happier. One installation question, I've used almost every Linux OS to install and am favoring SuSE for the small network install cd size and YaST's online updates. Which distro has the smallest hd footprint when completely installed w/ ISPConfig? Any comparable updaters on the other OS's, I know Debian is very slow with releasing the newer packages.
Second question: Proftpd stops responding/listening on a SuSE 10.0 system. I look at the ps tree and see proftpd accepting connections, but clients cannot connect. Try /etc/init.d/proftpd restart and still nothing. Only after rebooting the system does it come back up. I've looked in /var/log/ at warn and error but see nothing proftp related. Where are the logs and how should I start troubleshooting this one.
Thanks again guys.
Reply With Quote
Sponsored Links
  #2  
Old 14th April 2007, 13:33
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Quote:
Which distro has the smallest hd footprint when completely installed w/ ISPConfig?
Debian.

Quote:
Any comparable updaters on the other OS's, I know Debian is very slow with releasing the newer packages.
You must differentiate between security updates and new software. Debian is very fast with security updates, maybe even faster then SuSE. The packages in debian are more conservative, but thats good for a server and the latest debian 4.0 has equal relaese numbers of the packages then SuSE. By the way, SuSE is not releaseing any new pacakges for their distribution adter it is initially released, SuSE releases only bugfixes too.

Quote:
Try /etc/init.d/proftpd restart and still nothing. Only after rebooting the system does it come back up. I've looked in /var/log/ at warn and error but see nothing proftp related. Where are the logs and how should I start troubleshooting this one.
Thanks again guys.
Have a look at the proftpd.log or xferlog.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 18th April 2007, 11:53
JaJunk JaJunk is offline
Junior Member
 
Join Date: Jan 2006
Posts: 23
Thanks: 1
Thanked 3 Times in 3 Posts
Default

Could not find file proftpd.log and xferlog is empty. Checked /etc/proftpd.conf and didn't see any lines about a log file, is that why it's not logging?
Reply With Quote
  #4  
Old 19th April 2007, 14:41
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

These logs are used only for file transfers, so Proftpd must be working. Are there any errors in your other logs? Is AppArmor disabled?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 23rd April 2007, 16:35
JaJunk JaJunk is offline
Junior Member
 
Join Date: Jan 2006
Posts: 23
Thanks: 1
Thanked 3 Times in 3 Posts
Default

I don't think AppArmor is on, I never installed it and SuSE says it was not included until 10.1. I did notice some connections in netstat with ftp that seemed to be stuck on closing, but I rebooted before copying those lines, when it happens again I'll print the output for you. Also noticed hijack attempt via ftp with someone trying very hard to login as root, (about 5 attempts per second) does proftp stop itself to prevent such actions?

Last edited by JaJunk; 23rd April 2007 at 16:56.
Reply With Quote
  #6  
Old 24th April 2007, 19:38
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Quote:
Originally Posted by JaJunk
Also noticed hijack attempt via ftp with someone trying very hard to login as root, (about 5 attempts per second) does proftp stop itself to prevent such actions?
Usually root FTP logins are not permitted, but that depends on your Proftpd configuration.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 10th May 2007, 22:17
JaJunk JaJunk is offline
Junior Member
 
Join Date: Jan 2006
Posts: 23
Thanks: 1
Thanked 3 Times in 3 Posts
 
Default Solved

The root ftp logins were blocked, the problem seems to have been script kiddos in AU trying about 5 times a second to login. So in case anyone else was having this problem here you go:
The ftp logs are going to /var/log/messages (at least the connections anyway)
Download fail2ban, get the noarch rpm for your distro and install.
Edit /etc/fail2ban/jail.conf to suit your needs.
DO NOT try starting and stopping fail2ban with the init.d script, use fail2ban-client to control the server.
Install whois if you want details in the emails
After all that the log files stay manageable and the services are working like they're supposed to.
Thanks again Till and Falko.

Last edited by JaJunk; 10th May 2007 at 23:28.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 19:42.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.