I'm thinking about throwing proftpd in the trashcan

Discussion in 'Installation/Configuration' started by danf.1979, Dec 23, 2005.

  1. danf.1979

    danf.1979 ISPConfig Developer

    I'm thinking about throwing proftpd in the trashcan.
    I have Ubuntu Breezy and proftpd version 1.2.10-22. The symptoms are as follows: after my PC has been online for some time, I suddenly get an "Offline" status for proftpd in the ISPConfig "Services" tab. At this exact time, navigating through the "Administration" menu, submenu "Server", is extremely slow, but I get normal speed navigating through other parts of ISPConfig. If I want to check "Settings", "Status" or "Services" in the "Server" submenu, I have to wait some time for the page to load. At this point, even if I have not seen the "Offline" status for proftpd, I already know it is dead, just from experience. Every time it is the same story.

    When everything is correct (proftpd online) I check running processes at "System Monitor" (breezy top-gui-like program) and I see the following:
    Code:
    proftpd: (accepting conections) State: Sleeping
    
    I can also go and browse /var/run/proftpd, which contains two files: proftpd.delay and proftpd.scoreboard.
    If I do a syntax check, everything seems OK.
    Code:
    dan@alcon:~$ sudo proftpd -td5
    Password:
    Checking syntax of configuration file
     - mod_tls/2.0.7: using OpenSSL 0.9.7g 11 Apr 2005
     - parsing '/etc/proftpd.conf' configuration
     - Compiling deny regex '\*.*/'.
     - Allocated deny regex at location 0x814dd20.
     - parsing '/etc/proftpd_ispconfig.conf' configuration
     - <Directory *>: adding section for resolved path '*'
     - <Directory /var/www/web8/ftp/incoming>: adding section for resolved path '/var/www/web8/ftp/incoming'
    localhost.localdomain -
    localhost.localdomain - Config for Debian:
    localhost.localdomain - DeferWelcome
    localhost.localdomain - DefaultServer
    localhost.localdomain - ShowSymlinks
    localhost.localdomain - TimeoutNoTransfer
    localhost.localdomain - TimeoutStalled
    localhost.localdomain - TimeoutIdle
    localhost.localdomain - DisplayLogin
    localhost.localdomain - DisplayFirstChdir
    localhost.localdomain - ListOptions
    localhost.localdomain - DenyFilter
    localhost.localdomain - UserID
    localhost.localdomain - UserName
    localhost.localdomain - GroupID
    localhost.localdomain - GroupName
    localhost.localdomain - Umask
    localhost.localdomain - DirUmask
    localhost.localdomain - AllowOverwrite
    localhost.localdomain - DefaultRoot
    localhost.localdomain -
    localhost.localdomain - Config for Debian:
    localhost.localdomain - /var/www/web8/ftp/
    localhost.localdomain -  Limit
    localhost.localdomain -   DenyAll
    localhost.localdomain -  /var/www/web8/ftp/incoming
    localhost.localdomain -   Limit
    localhost.localdomain -    DenyAll
    localhost.localdomain -   Limit
    localhost.localdomain -    AllowAll
    localhost.localdomain -   Umask
    localhost.localdomain -   MaxClients
    localhost.localdomain -   AllowOverwrite
    localhost.localdomain -  UserName
    localhost.localdomain -  GroupName
    localhost.localdomain -  UserAlias
    localhost.localdomain -  UserAlias
    localhost.localdomain -  MaxClients
    localhost.localdomain -  AllowOverwrite
    localhost.localdomain -  Umask
    localhost.localdomain - DefaultRoot
    localhost.localdomain - AllowOverwrite
    localhost.localdomain - Umask
    Syntax check complete.
    dan@alcon:~$
    

    When the server goes offline, in System Monitor I see:
    Code:
    proftpd: (accepting conections) State: Uninterruptable
    /ect/init.d/proftpd start
    
    If I go to /var/run/proftpd/, I can't see a thing. The mouse icon keeps telling me to wait, and nothing ever gets loaded in *that* directory only (I haven't checked with "ls", I'll do that). Also, System Monitor tells me there is a load of 100% CPU, but no process has a high load (strange). Top tells me CPU load is at 10-13% (not 100%), but anyway the system feels slower.
    I can kill neither proftpd nor /etc/init.d/proftpd start.
    Under these conditions, the syntax check with sudo proftpd -td5 NEVER completes. If I close the terminal, the process becomes a zombie, but it is not terminated. The only way I can get proftpd online again is by rebooting, and of course this is not nice.

    This is my /etc/proftpd.conf
    Code:
    #
    # /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    # 
    
    ServerName			"Debian"
    ServerType			standalone
    DeferWelcome			off
    
    MultilineRFC2228		on
    DefaultServer			on
    ShowSymlinks			on
    
    TimeoutNoTransfer		600
    TimeoutStalled			600
    TimeoutIdle			1200
    
    DisplayLogin                    welcome.msg
    DisplayFirstChdir               .message
    ListOptions                	"-l"
    
    DenyFilter			\*.*/
    
    # Uncomment this if you are using NIS or LDAP to retrieve passwords:
    #PersistentPasswd		off
    
    # Uncomment this if you would use TLS module:
    #TLSEngine 			on
    
    # Uncomment this if you would use quota module:
    #Quotas				on
    
    # Uncomment this if you would use ratio module:
    #Ratios				on
    
    # Port 21 is the standard FTP port.
    Port				21
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances			30
    
    # Set the user and group that the server normally runs at.
    User				nobody
    Group				nogroup
    
    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask				022  022
    # Normally, we want files to be overwriteable.
    AllowOverwrite			on
    
    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default. 
    #DelayEngine 			off
    
    # A basic anonymous configuration, no upload directories.
    
    # <Anonymous ~ftp>
    #   User				ftp
    #   Group				nogroup
    #   # We want clients to be able to login with "anonymous" as well as "ftp"
    #   UserAlias			anonymous ftp
    #   # Cosmetic changes, all files belongs to ftp user
    #   DirFakeUser	on ftp
    #   DirFakeGroup on ftp
    # 
    #   RequireValidShell		off
    # 
    #   # Limit the maximum number of anonymous logins
    #   MaxClients			10
    # 
    #   # We want 'welcome.msg' displayed at login, and '.message' displayed
    #   # in each newly chdired directory.
    #   DisplayLogin			welcome.msg
    #   DisplayFirstChdir		.message
    # 
    #   # Limit WRITE everywhere in the anonymous chroot
    #   <Directory *>
    #     <Limit WRITE>
    #       DenyAll
    #     </Limit>
    #   </Directory>
    # 
    #   # Uncomment this if you're brave.
    #   # <Directory incoming>
    #   #   # Umask 022 is a good standard umask to prevent new files and dirs
    #   #   # (second parm) from being group and world writable.
    #   #   Umask				022  022
    #   #            <Limit READ WRITE>
    #   #            DenyAll
    #   #            </Limit>
    #   #            <Limit STOR>
    #   #            AllowAll
    #   #            </Limit>
    #   # </Directory>
    # 
    # </Anonymous>
    
    DefaultRoot ~
    
    Include /etc/proftpd_ispconfig.conf
    
    And my /etc/proftpd_ispconfig.conf
    Code:
    ###################################
    #
    # ISPConfig proftpd Configuration File
    #         Version 1.0
    #
    ###################################
    <VirtualHost 200.104.78.7>
            DefaultRoot             ~
            AllowOverwrite          on
            Umask                   002
    </VirtualHost>
    
    The syslog only has stuff like this:
    Code:
    Dec 21 12:00:02 localhost proftpd[3806]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session opened.
    Dec 21 12:00:02 localhost proftpd[3806]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session closed.
    Dec 21 12:30:02 localhost proftpd[4936]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session opened.
    Dec 21 12:00:02 localhost proftpd[3806]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session closed.
    .
    .
    Dec 21 00:56:47 localhost proftpd[10707]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - mod_delay/0.4: delaying for 14 usecs
    Dec 21 00:56:47 localhost proftpd[10707]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - mod_delay/0.4: delaying for 55 usecs
    .
    .
    Dec 22 19:57:11 localhost proftpd[10122]: localhost.localdomain - ProFTPD killed (signal 15)
    Dec 22 19:57:11 localhost proftpd[10122]: localhost.localdomain - ProFTPD 1.2.10 standalone mode SHUTDOWN
    Dec 22 19:57:11 localhost proftpd[10122]: localhost.localdomain - deleting existing scoreboard '/var/run/proftpd/proftpd.scoreboard'
    Dec 22 19:57:13 localhost proftpd[11419]: localhost.localdomain - ProFTPD 1.2.10 (stable) (built do mrt 22 18:28:32 CET 2001) standalone mode STARTUP
    
    And this could be of some importance, also in the syslog:
    Code:
    Dec 22 20:00:01 localhost proftpd[11595]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session requested from unknown class
    .
    .
    Dec 21 13:11:40 localhost proftpd[6969]: localhost.localdomain - Fatal: unable to open incoming connection: Transport endpoint is not connected
    

    Any clues? Is there any more info I could provide?
     
    Last edited: Dec 23, 2005
  2. Tommie

    Tommie New Member

    maybe bad Interface

    Hi

    Please post your output of 'ifconfig' for your existing interfaces.

    And is the ftp really listening on the "right" interface? It seems to be only
    on your loopback. Try 'netstat -anp | grep :21' to see this.

    Maybe you could try the option "Defaultserver on" in your proftpd.conf,
    like this:

    ServerName "YOURSERVERNAME"
    Defaultserver on
    ServerType standalone
    ...

    Sometimes, when this option is missing, the daemon can't bind on
    all/external interfaces. Your .conf seems to be OK, IMHO. After making
    this change, you have to restart the daemon.

    hth TOMmie
     
  3. danf.1979

    danf.1979 ISPConfig Developer

    This is the netstat output:
    Code:
    dan@alcon:~$ netstat -anp | grep :21
    (Not all processes could be identified, non-owned process info
     will not be shown, you would have to be root to see it all.)
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     -
    
    Is this OK?
    The DefaultServer option was already on.
    Code:
    .
    .
    ServerName			"Debian"
    ServerType			standalone
    DeferWelcome			off
    
    MultilineRFC2228		on
    DefaultServer			on
    .
    .
    
    Thanks for your reply.
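
An added example, not part of either poster's message: `grep :21` also matches ports such as 2121 and remote-side port 21, so this helper (hypothetical name `bind_scope`) reads `netstat -an` text and reports what the exact port is bound to. The sample input is constructed, except for its first line, which is the output posted above.

```shell
#!/usr/bin/env bash
# Added example: classify what a TCP port is bound to, from `netstat -an` text.

# bind_scope PORT   (reads `netstat -an` or `netstat -anp` output on stdin)
# Prints: not-listening | loopback-only | all-interfaces | specific:<addr,...>
bind_scope() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      local_addr = $4
      # Split on the LAST colon so IPv6 forms such as :::21 and ::1:21 work.
      if (!match(local_addr, /:[0-9]+$/)) next
      p    = substr(local_addr, RSTART + 1)
      host = substr(local_addr, 1, RSTART - 1)
      if (p != port) next        # exact match only: 2121 or 210 do not count
      if (host == "0.0.0.0" || host == "::" || host == "*") wildcard = 1
      else if (host ~ /^127\./ || host == "::1")           loopback = 1
      else specific = specific (specific ? "," : "") host
    }
    END {
      if (wildcard)            print "all-interfaces"
      else if (specific != "") print "specific:" specific
      else if (loopback)       print "loopback-only"
      else                     print "not-listening"
    }'
}

# Constructed sample (first line is the netstat line from the thread).
sample_netstat() {
  cat <<'EOF'
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     -
tcp        0      0 127.0.0.1:2121          0.0.0.0:*               LISTEN     -
tcp        0      0 192.0.2.10:22           198.51.100.7:21         ESTABLISHED -
EOF
}

echo "port 21:   $(sample_netstat | bind_scope 21)"
echo "port 2121: $(sample_netstat | bind_scope 2121)"
```

On a live host, pipe the real output in instead: `netstat -an | bind_scope 21`.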
     
