FTP stopped working, please help

Discussion in 'Installation/Configuration' started by theonewhocant, May 3, 2007.

  1. theonewhocant

    theonewhocant New Member

    Hello there,

    i have some serious trouble here, my previous sysadmin died a few weeks ago and now i have to oversee a few servers which were running fine till a few days ago. The ftp server suddenly stopped and i dont know what is wrong. Im also not that very experienced with this stuff. In the ISP Config the FTP Cliend is vsftpd.

    I tried to reboot the server, no result
    i tried to restart/stop/start vsftpd no result

    i searched via the internet and found nothing

    im a bit scared that if im doing something very stupid (like reinstalling vsftpd), all the accounts created by ispconfig would never be able to login to their ftp space again. And there are a lot of configs.

    I would really wish that one of you can help with this problem as i seen in a few posts ago i posted some results from some commands which should give you an overview of some basics:


    netstat -tap | grep ftp
    no output from this command


    ps aux | grep ftp

    root 15487 0.0 0.1 23440 1800 ? Ss 06:46 0:00 /usr/lib/openssh/sftp-server
    root 15609 0.0 0.0 2764 620 pts/0 R+ 06:50 0:00 grep ftp

    please help me, cause i really dont know what to do.

    thank you for your time reading through this.

    tomy
     
  2. Ben

    Ben ISPConfig Developer ISPConfig Developer

    Did you check the vsftpd-logs in /var/log, if there's sth. why the daemon does not start?
    So there is absolutely no output if you run the start / stop script of vsftp?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Also be aware that the vsftpd is started in a ISPConfig server by the ISPConfig tcpserver. Please try to restart the ispconfig_server script too.
     
  4. theonewhocant

    theonewhocant New Member

    @ Ben
    the last written in the log was :
    Code:
    Sun Apr 22 02:08:43 2007 1 89.245.117.159 2173 /web/hk/img/buttons/top_startseite.jpg b _ i r web34_ma ftp 0 * c
    Sun Apr 22 02:08:43 2007 1 89.245.117.159 304 /web/hk/img/content_bg.jpg b _ i r web34_ma ftp 0 * c
    Sun Apr 22 02:08:43 2007 1 89.245.117.159 1138 /web/hk/img/header_bg.jpg b _ i r web34_ma ftp 0 * c
    Sun Apr 22 02:08:44 2007 1 89.245.117.159 54993 /web/hk/img/header.jpg b _ i r web34_ma ftp 0 * c
    Sun Apr 22 02:08:44 2007 1 89.245.117.159 1285 /web/hk/index.html a _ i r web34_ma ftp 0 * c
    Sun Apr 22 02:10:21 2007 1 89.245.117.159 1280 /web/hk/index.html a _ i r web34_ma ftp 0 * c
    this looks normal to me
    and yes, there is absolutly no outpot if i stop/start/restart :(

    @till
    how do i restart the ispconfig_server script?
    is this dangerous? i mean is there a possibility that something gets deletet?

    sorry for the question, but im really new to this
     
  5. falko

    falko Super Moderator ISPConfig Developer

    Code:
    /etc/init.d/ispconfig_tcpserver restart
    No.
     
  6. theonewhocant

    theonewhocant New Member

    problem still exists

    i restarted ispconfig but still the same problem


    ps aux | grep ftp
    Code:
    1516  0.0  0.0   2764   620 pts/1    R+   02:29   0:00 grep ftp

    netstat -tap | grep ftp
    no output from this command


    and nothing in the log :(

    What can i do now? reinstall vsftpd? and if, how? Will the accounts from ispconfig still work if i reinstall it?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Please check your syslog or messages log for errors. There must be some startup errors in the logs.
     
  8. theonewhocant

    theonewhocant New Member

    nothing -_-

    nothing in the syslog and messages log hinting at the ftp server or something related

    if the mods would like to take a look for themselves i will glady hand them over the login details, im totaly done, the people hosted on the server are going nuts.

    please help
     
  9. Ben

    Ben ISPConfig Developer ISPConfig Developer

    hmm what about /home/admispconfig/ispconfig/ispconfig.log
    just to see what the script's doing?
    may you post the vsftpd.conf here?
    Eventually you should thinkg about saving the vsftpd*-configs, remove/erase/purge vsftpd and install it again...
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Please have a look at the logfile that Ben suggested. Are the users that are unable to login listed in /etc/passwd?

    If you want Falko or me to have a look at your server, please contact us at info [at] projektfarm [dot] com
     
  11. theonewhocant

    theonewhocant New Member

    Here is a short list from ispconfig.log after restarting ispconfig, users and urls were replaced with XXX


    Code:
    
    05.05.2007 - 23:59:15 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 121: rm -f /var/log/vsftpd.log.www.XXXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/mail_logs.php, Line 119: rm -f /home/admispconfig/mailstats/web178_XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 96: cat /dev/null > /var/log/vsftpd.log.www.XXXXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 121: rm -f /var/log/vsftpd.log.www.XXXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/mail_logs.php, Line 119: rm -f /home/admispconfig/mailstats/web178_XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/mail_logs.php, Line 132: rm -f /var/log/mail.log.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 96: cat /dev/null > /var/log/vsftpd.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 121: rm -f /var/log/vsftpd.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 96: cat /dev/null > /var/log/vsftpd.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/mail_logs.php, Line 132: rm -f /var/log/mail.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 121: rm -f /var/log/vsftpd.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 96: cat /dev/null > /var/log/vsftpd.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/mail_logs.php, Line 132: rm -f /var/log/mail.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 121: rm -f /var/log/vsftpd.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 96: cat /dev/null > /var/log/vsftpd.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 121: rm -f /var/log/vsftpd.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/mail_logs.php, Line 132: rm -f /var/log/mail.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 96: cat /dev/null > /var/log/vsftpd.log.www.XXXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 121: rm -f /var/log/vsftpd.log.www.XXX
    05.05.2007 - 23:59:16 => INFO - /root/ispconfig/scripts/shell/ftp_logs.php, Line 124: rm -f /var/log/vsftpd.log.05-05-07_23-59-02
    
    

    here is the conf:

    Code:
     # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are very paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    #
    # Allow anonymous FTP?
    anonymous_enable=YES
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    local_umask=002
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    anon_umask=002
    #
    ftp_username=web72_anonftp
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that turning on ascii_download_enable enables malicious remote parties
    # to consume your I/O resources, by issuing the command "SIZE /big/file" in
    # ASCII mode.
    # These ASCII options are split into upload and download because you may wish
    # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
    # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
    # on the client anyway..
    ascii_upload_enable=YES
    ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd/banned-emails
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd/chroot-list
    #
    chroot_local_user=YES
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    pam_service_name=vsftpd
    thank you for your help

    @till i will send you an email with the logindata as well as an sample ftp login

    thank you
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    The problems seems to be a incompatibility of the ispconfig tcpserver with the latest glibc versions. The tcpserver is needed for vsftpd because of the limited anonymous functionality in vsftpd.

    The patch from the following thread seems not to work anymore with the latest glibc, but you may try it anyway:

    http://www.howtoforge.com/forums/showthread.php?t=446&highlight=GLIBC_2.0

    I recommend to install proftpd as described in the perfect setup guides instead of vsftpd.
     
  13. theonewhocant

    theonewhocant New Member

    Hi and thanks for your help so far

    im trying to install proftp but heres the error:

    IPv6 getaddrinfo xxx error: Name or service not known


    i searched for the IPV6 entry, but theres nothing in it. what do i have to change?

    heres the conf

    Code:
    #
    # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    # 
    
    # Includes DSO modules
    Include /etc/proftpd/modules.conf
    
    ServerName			"Debian"
    ServerType			standalone
    DeferWelcome			off
    
    MultilineRFC2228		on
    DefaultServer			on
    ShowSymlinks			on
    
    TimeoutNoTransfer		600
    TimeoutStalled			600
    TimeoutIdle			1200
    
    DisplayLogin                    welcome.msg
    DisplayFirstChdir               .message
    ListOptions                	"-l"
    
    DenyFilter			\*.*/
    
    # Port 21 is the standard FTP port.
    Port				21
    
    # In some cases you have to specify passive ports range to by-pass
    # firewall limitations. Ephemeral ports can be used for that, but
    # feel free to use a more narrow range.
    # PassivePorts                    49152 65534
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances			30
    
    # Set the user and group that the server normally runs at.
    User				proftpd
    Group				nogroup
    
    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask				022  022
    # Normally, we want files to be overwriteable.
    AllowOverwrite			on
    
    # Uncomment this if you are using NIS or LDAP to retrieve passwords:
    # PersistentPasswd		off
    
    # Be warned: use of this directive impacts CPU average load!
    #
    # Uncomment this if you like to see progress and transfer rate with ftpwho
    # in downloads. That is not needed for uploads rates.
    # UseSendFile			off
    
    TransferLog /var/log/proftpd/xferlog
    SystemLog   /var/log/proftpd/proftpd.log
    
    <IfModule mod_tls.c>
    TLSEngine off
    </IfModule>
    
    <IfModule mod_quota.c>
    QuotaEngine on
    </IfModule>
    
    <IfModule mod_ratio.c>
    Ratios on
    </IfModule>
    
    
    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default. 
    <IfModule mod_delay.c>
    DelayEngine on
    </IfModule>
    
    <IfModule mod_ctrls.c>
    ControlsEngine        on
    ControlsMaxClients    2
    ControlsLog           /var/log/proftpd/controls.log
    ControlsInterval      5
    ControlsSocket        /var/run/proftpd/proftpd.sock
    </IfModule>
    
    <IfModule mod_ctrls_admin.c>
    AdminControlsEngine on
    </IfModule>
    
    # A basic anonymous configuration, no upload directories.
    
    # <Anonymous ~ftp>
    #   User				ftp
    #   Group				nogroup
    #   # We want clients to be able to login with "anonymous" as well as "ftp"
    #   UserAlias			anonymous ftp
    #   # Cosmetic changes, all files belongs to ftp user
    #   DirFakeUser	on ftp
    #   DirFakeGroup on ftp
    # 
    #   RequireValidShell		off
    # 
    #   # Limit the maximum number of anonymous logins
    #   MaxClients			10
    # 
    #   # We want 'welcome.msg' displayed at login, and '.message' displayed
    #   # in each newly chdired directory.
    #   DisplayLogin			welcome.msg
    #   DisplayFirstChdir		.message
    # 
    #   # Limit WRITE everywhere in the anonymous chroot
    #   <Directory *>
    #     <Limit WRITE>
    #       DenyAll
    #     </Limit>
    #   </Directory>
    # 
    #   # Uncomment this if you're brave.
    #   # <Directory incoming>
    #   #   # Umask 022 is a good standard umask to prevent new files and dirs
    #   #   # (second parm) from being group and world writable.
    #   #   Umask				022  022
    #   #            <Limit READ WRITE>
    #   #            DenyAll
    #   #            </Limit>
    #   #            <Limit STOR>
    #   #            AllowAll
    #   #            </Limit>
    #   # </Directory>
    # 
    # </Anonymous>
    
    
    
     
  14. Ben

    Ben ISPConfig Developer ISPConfig Developer

    Sounds bad, that what I experienced right now as well :-\
    Will there be a patch soon?
    Because I am not really willing to switch back to proftp, cause it did not work that stable for me as vsftpd did and I do not need the anonymous login thing...

    EDIT: The "patch" from the link above worked fine for me (with Debian sarge)
    So the question remains, will this "patch" be implemented in the startscript so that it is not overwritten after an upgrade?
     
    Last edited: May 6, 2007
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    I'am getting the following error on a fresh debian Etch install:

    /home/admispconfig/ispconfig/tools/tcpserver/ispconfig_tcpserver: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory

    Ben: Can you please check if you have a older libc version installed beside libc6? This might explain why it works for you.

    I'am not sure if I shall activate it, it might break installations on other and or older linux installations.

    For a explanation on the general problem, please have a look here:

    http://www.howtoforge.com/forums/showpost.php?p=70886&postcount=8

    If we do not find a solution for it, we might have to disable vsftpd support for new installations (not updates of course).
     
  16. Ben

    Ben ISPConfig Developer ISPConfig Developer

    Well in that case it should better not be implemented, especially for the fact, that sb. was reporting that for him that "patch" did not help.

    What's the best way to find out if there is an older libc installed beside?
    The only one I can find in /lib is 2.3.6
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    As far as I know, /lib is the correct directory. You might do a global search with:

    locate libc.
     

Share This Page