Im thinking about throwing proftpd to the trashcan

[danf.1979]

Im thinking about throwing proftpd to the trashcan.
I have Ubuntu breezy and proftpd version 1.2.10-22. Symptoms are like follows: after some time my pc has been online I suddenly get an "Offline" status in ISPConfig "Services" tab for proftpd. At this exact time, navigating through the "Administration" menu, submenu "Server" is extremely slow, but I get normal speed navigating through other parts of ISPConfig. If I want to check "Settings", "Status" or "Services" in the "Server" submenu, I'll have to whait some time for the page to load. At this time, If I have not seen the "Offline" status for proftpd, I already know it is dead, just for experience. Everytime is the same story.

When everything is correct (proftpd online) I check running processes at "System Monitor" (breezy top-gui-like program) and I see the following:

Code:

proftpd: (accepting conections) State: Sleeping

I also can go and browse /var/run/proftpd containing two files: proftpd.delay, proftpd.scoreboard.
If i do a syntax check everything seems ok.

Code:

dan@alcon:~$ sudo proftpd -td5
Password:
Checking syntax of configuration file
 - mod_tls/2.0.7: using OpenSSL 0.9.7g 11 Apr 2005
 - parsing '/etc/proftpd.conf' configuration
 - Compiling deny regex '\*.*/'.
 - Allocated deny regex at location 0x814dd20.
 - parsing '/etc/proftpd_ispconfig.conf' configuration
 - <Directory *>: adding section for resolved path '*'
 - <Directory /var/www/web8/ftp/incoming>: adding section for resolved path '/var/www/web8/ftp/incoming'
localhost.localdomain -
localhost.localdomain - Config for Debian:
localhost.localdomain - DeferWelcome
localhost.localdomain - DefaultServer
localhost.localdomain - ShowSymlinks
localhost.localdomain - TimeoutNoTransfer
localhost.localdomain - TimeoutStalled
localhost.localdomain - TimeoutIdle
localhost.localdomain - DisplayLogin
localhost.localdomain - DisplayFirstChdir
localhost.localdomain - ListOptions
localhost.localdomain - DenyFilter
localhost.localdomain - UserID
localhost.localdomain - UserName
localhost.localdomain - GroupID
localhost.localdomain - GroupName
localhost.localdomain - Umask
localhost.localdomain - DirUmask
localhost.localdomain - AllowOverwrite
localhost.localdomain - DefaultRoot
localhost.localdomain -
localhost.localdomain - Config for Debian:
localhost.localdomain - /var/www/web8/ftp/
localhost.localdomain -  Limit
localhost.localdomain -   DenyAll
localhost.localdomain -  /var/www/web8/ftp/incoming
localhost.localdomain -   Limit
localhost.localdomain -    DenyAll
localhost.localdomain -   Limit
localhost.localdomain -    AllowAll
localhost.localdomain -   Umask
localhost.localdomain -   MaxClients
localhost.localdomain -   AllowOverwrite
localhost.localdomain -  UserName
localhost.localdomain -  GroupName
localhost.localdomain -  UserAlias
localhost.localdomain -  UserAlias
localhost.localdomain -  MaxClients
localhost.localdomain -  AllowOverwrite
localhost.localdomain -  Umask
localhost.localdomain - DefaultRoot
localhost.localdomain - AllowOverwrite
localhost.localdomain - Umask
Syntax check complete.
dan@alcon:~$

When the server gets offline, in System Monitor i see:

Code:

proftpd: (accepting conections) State: Uninterruptable
/ect/init.d/proftpd start

If I go to /var/run/proftpd/, I can't see a thing. Mouse Icon keeps telling me to whait, and nothing ever gets load on *that* directory only (havent check with "ls", I'll do that). Also System Monitor tells me there is a load of 100% CPU, but no process has a high load (strange). Top tells me CPU load is at 10-13% (not 100%), but anyway the system feels slower.
I can't kill neither proftpd, nor /etc/init.d/proftpd start
Under this conditions, the syntax check with: sudo proftpd -td5, NEVER completes. If I close the terminal, the process become a zombie, but it is not terminated. The only way I can get proftpd online again is rebooting, and ofcourse this is not nice.

This is my /etc/proftpd.conf

Code:

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
# 

ServerName			"Debian"
ServerType			standalone
DeferWelcome			off

MultilineRFC2228		on
DefaultServer			on
ShowSymlinks			on

TimeoutNoTransfer		600
TimeoutStalled			600
TimeoutIdle			1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                	"-l"

DenyFilter			\*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd		off

# Uncomment this if you would use TLS module:
#TLSEngine 			on

# Uncomment this if you would use quota module:
#Quotas				on

# Uncomment this if you would use ratio module:
#Ratios				on

# Port 21 is the standard FTP port.
Port				21

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances			30

# Set the user and group that the server normally runs at.
User				nobody
Group				nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask				022  022
# Normally, we want files to be overwriteable.
AllowOverwrite			on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default. 
#DelayEngine 			off

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User				ftp
#   Group				nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias			anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser	on ftp
#   DirFakeGroup on ftp
# 
#   RequireValidShell		off
# 
#   # Limit the maximum number of anonymous logins
#   MaxClients			10
# 
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin			welcome.msg
#   DisplayFirstChdir		.message
# 
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
# 
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask				022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>
# 
# </Anonymous>

DefaultRoot ~

Include /etc/proftpd_ispconfig.conf

And my /etc/proftpd_ispconfig.conf

Code:

###################################
#
# ISPConfig proftpd Configuration File
#         Version 1.0
#
###################################
<VirtualHost 200.104.78.7>
        DefaultRoot             ~
        AllowOverwrite          on
        Umask                   002
</VirtualHost>

The syslog only has stuff like this:

Code:

Dec 21 12:00:02 localhost proftpd[3806]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 21 12:00:02 localhost proftpd[3806]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session closed.
Dec 21 12:30:02 localhost proftpd[4936]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 21 12:00:02 localhost proftpd[3806]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session closed.
.
.
Dec 21 00:56:47 localhost proftpd[10707]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - mod_delay/0.4: delaying for 14 usecs
Dec 21 00:56:47 localhost proftpd[10707]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - mod_delay/0.4: delaying for 55 usecs
.
.
Dec 22 19:57:11 localhost proftpd[10122]: localhost.localdomain - ProFTPD killed (signal 15)
Dec 22 19:57:11 localhost proftpd[10122]: localhost.localdomain - ProFTPD 1.2.10 standalone mode SHUTDOWN
Dec 22 19:57:11 localhost proftpd[10122]: localhost.localdomain - deleting existing scoreboard '/var/run/proftpd/proftpd.scoreboard'
Dec 22 19:57:13 localhost proftpd[11419]: localhost.localdomain - ProFTPD 1.2.10 (stable) (built do mrt 22 18:28:32 CET 2001) standalone mode STARTUP

And this could be of some importance, also in the syslog:

Code:

Dec 22 20:00:01 localhost proftpd[11595]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session requested from unknown class
.
.
Dec 21 13:11:40 localhost proftpd[6969]: localhost.localdomain - Fatal: unable to open incoming connection: Transport endpoint is not connected

Any clues? Is there any more info i could provide?

[Tommie]

Hi

Please post your output of 'ifconfig' for your existing interfaces.

And ist the ftp really listen on the "right" interface ? Seems to be only
on your loopback. Try 'netstat -anp | grep :21' so see this.

Maybe could could try the Option "Defaultserver on" ist your proftpd.conf
Like this:

ServerName "YOURSERVERNAME"
Defaultserver on
ServerType standalone
...

Sometimes, wenn this option is missing, the daemon couldn't bind on
all/external interface. Your .conf seems to be ok, IMHO. After making
this change, you have to restart the daemon.

hth TOMmie

[danf.1979]

This is the netstat output:

Code:

dan@alcon:~$ netstat -anp | grep :21
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     -

Is this Ok?
DefaultServer option was already on

Code:

.
.
ServerName			"Debian"
ServerType			standalone
DeferWelcome			off

MultilineRFC2228		on
DefaultServer			on
.
.

Thanks for your reply.