REGISTER  


Recommended proftpd settings
This thread belongs to forum.perpeton.com


2015-01-09 16:29 GMT   |   #1

Comments: 14
We are using ProFTPd in standalone mode, here are some useful options:
  • IdentLookups Off - disable client ident lookup (a service on port 113) which is practically a waste of time during login
  • UseReverseDNS Off - disable client reverse DNS which also slows down login
  • ServerIdent on "FTP Server ready." - option for the paranoid people, disables revealing server info, and prevents own hostname lookup
  • AllowStoreRestart On
  • AllowRetrieveRestart On - these options enable clients to resume aborted uploads and dowloads
  • You may limit who can log in like this:
    <Limit LOGIN>
        AllowUser someuser
        …
        DenyAll
    </Limit>
  • You may jail some users to a directory like this
  • DefaultRoot /some/dir some_group,!another_group

We also recommend you to disable every module related to tls and sftp if you don't need them because it slows down everything. This can be done by commenting lines in modules.conf.
2015-06-30 17:17 GMT   |   #2

Comments: 14
Today we noticed that someone tried this vulnerability on one of our servers:
http://bugs.proftpd.org/show_bug.cgi?id=4169
Fortunately we don't store our virtual hosts on standard locations.
Fix exists only in 1.3.5a so until then you are recommended to disable mod_copy by commenting the line in  /etc/proftpd/modules.conf.