Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Oddly, at the same time FTP stopped working when I tried to log in. Each time, it returns the following error:
-------
Status: Connecting to xxx.xxx.xx.xxx...
Response: fzSftp started
Command: open "user@xxx.xxx.xx.xxx" 22
Command: Pass: ************
Status: Connected to xxx.xxx.xx.xxx
Error: Connection closed by server with exitcode 127
Error: Could not connect to server
-------
I have tried to FTP using different users and restart the server to to avail.
The only significant change I have made to the server recently is to change the MySQL password.
Yes, sftp command is from CLI (command line) like you wrote, in SSH/Putty.
Probably that's not what you are using to do FTP (you wrote FileZilla).
And since you're using FileZilla FTP server (regarding response: fzSftp started), there is a FileZilla forum for troubleshooting.
and more of it, you also didn't wrote your System and which FTP server software you are using,
so if you want help, please write your configurations/system/software to get help, otherwise we (members of LQ) can only guess what is wrong.
thanks lithos. I'm a newbie so i don't know how where to find this information. I have been able to connect to the server using FileZilla before so i dont think the problem is with FileZilla. I'm actually experiencing issues with my website too (users are not able to login).
System: CentOS 5.3
FTP daemon: I cant find any daemons running which contain the word FTP when i type "#ps -al". I believe i should see something like vsftpd or Twoftpd but there is no such process running. There is definitely some daemon installed since i have connected using FTP various times before. How can i find this information?
Configurations: I'm not sure what you mean by this.
Last edited by funnyman; 06-30-2012 at 09:34 AM.
Reason: clarification
Configurations:
- vsftpd configuration : /etc/vsftpd/vsftpd.conf
- firewall configuration: probably "iptables" (# iptables -nL) , could be it's not opened for FTP passive ports (not 21) or something else is going on...
The server may be using ssh's ftp server rather than vsftp. Putty has an sftp client. Use that if since you have putty. You could also run linux using a live CD and use the openssh sftp client. Check if putty's sftp client has a verbose option is you use that.
If you can log into the server, check the logs in /var/log/. messages or secure or auth may contain info if you have an authentication problem.
Thank you for all your help - it is much appreciated. After using lithos' "#netstat -tapln" I realised that there were 4/5 IP addresses from corners of the world that had no reason to be connected to my server so I hired a system administrator to take a look and he confirmed my suspicions - my SSH was hacked and this is why FTP strangely stopped working.
I'll have to format the server and start again or move elsewhere.
I know this is off-topic but can anybody recommend a decent managed server with UK/EU data servers for under £180 (inc. VAT)? I'm thinking it'll be better to have a professional looking after the site from now on.
I'm sorry to read you had been hacked, but also glad you found it.
Since I'm not anywhere near UK I can't suggest you any hosting, sorry.
But if you will stay on the server and start setting all over again, try first to find how to securing SSH, then disabling unwanted domains to connect and enabling only your IP's.
It's an everyday job for system administrators to block the attacks from breaking in and securing as much as possible for a good night sleep.
Thanks again Lithos. Luckily I’d only just started when this happened and didn’t have any sensitive information on the server so no real damage was done. For now, I think I’m better off with a professional looking after things to ensure business continuity.
Thank you for your links nonetheless; if I pick up another VPS for a smaller project, I’ll be sure to use the information you provided to add additional layers of security.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.