FTP returns error

funnyman · 06-30-2012, 06:51 AM

Hi all,

Oddly, at the same time FTP stopped working when I tried to log in. Each time, it returns the following error:

-------
Status: Connecting to xxx.xxx.xx.xxx...
Response: fzSftp started
Command: open "user@xxx.xxx.xx.xxx" 22
Command: Pass: ************
Status: Connected to xxx.xxx.xx.xxx
Error: Connection closed by server with exitcode 127
Error: Could not connect to server
-------

I have tried to FTP using different users and restart the server to to avail.

The only significant change I have made to the server recently is to change the MySQL password.

Any ideas as to what could be causing this?

jschiwal · 06-30-2012, 06:59 AM

Try connecting with "sftp -vv <user>@<hostname>" for more verbose messages.
Make sure that the sshd service is running on the server.

funnyman · 06-30-2012, 08:16 AM

thanks for your suggestion jschiwal - do i need to introduce that command using SSH/Putty? I have been using FileZilla FTP to connect

lithos · 06-30-2012, 08:37 AM

Yes, sftp command is from CLI (command line) like you wrote, in SSH/Putty.

Probably that's not what you are using to do FTP (you wrote FileZilla).

And since you're using FileZilla FTP server (regarding response: fzSftp started), there is a FileZilla forum for troubleshooting.
and more of it, you also didn't wrote your System and which FTP server software you are using,

so if you want help, please write your configurations/system/software to get help, otherwise we (members of LQ) can only guess what is wrong.

good luck

funnyman · 06-30-2012, 09:26 AM

thanks lithos. I'm a newbie so i don't know how where to find this information. I have been able to connect to the server using FileZilla before so i dont think the problem is with FileZilla. I'm actually experiencing issues with my website too (users are not able to login).

System: CentOS 5.3

FTP daemon: I cant find any daemons running which contain the word FTP when i type "#ps -al". I believe i should see something like vsftpd or Twoftpd but there is no such process running. There is definitely some daemon installed since i have connected using FTP various times before. How can i find this information?

Configurations: I'm not sure what you mean by this.

funnyman · 06-30-2012, 09:32 AM

Typing "sftp -vv <user>@<hostname>" as suggested by jschiwal returns:

#command-line: line 0: Bad configuration option: PermitLocalCommand

lithos · 06-30-2012, 11:48 AM

quickly:

Code:

# service vsftpd status

if returns "running..." then it's vsFTPd.

Configurations:
- vsftpd configuration : /etc/vsftpd/vsftpd.conf
- firewall configuration: probably "iptables" (# iptables -nL) , could be it's not opened for FTP passive ports (not 21) or something else is going on...

funnyman · 06-30-2012, 12:59 PM

lithos

# service vsftpd status

returns: "vsftpd: unrecognized service"
Directory vsftpd configuration : /etc/vsftpd/ does not exist either.

lithos · 07-01-2012, 05:13 AM

Hi,

if there is no vsFTP then I can't say what service it is, try as 'root':

Code:

root@~#>netstat -tapln
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2251/mysqld
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      14235/named
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      25308/vsftpd

if this shows you any service name listening on port 21 (ftp), which one is it?

chrism01 · 07-01-2012, 08:11 PM

As you are running Centos, lets check what's installed

Code:

rpm -qa|grep -i ftp

ls /etc/init.d

chkconfig --list|grep -i ftp

and go from there

jschiwal · 07-02-2012, 06:46 AM

The server may be using ssh's ftp server rather than vsftp. Putty has an sftp client. Use that if since you have putty. You could also run linux using a live CD and use the openssh sftp client. Check if putty's sftp client has a verbose option is you use that.

If you can log into the server, check the logs in /var/log/. messages or secure or auth may contain info if you have an authentication problem.

funnyman · 07-02-2012, 01:33 PM

Hi guys,

Thank you for all your help - it is much appreciated. After using lithos' "#netstat -tapln" I realised that there were 4/5 IP addresses from corners of the world that had no reason to be connected to my server so I hired a system administrator to take a look and he confirmed my suspicions - my SSH was hacked and this is why FTP strangely stopped working.

I'll have to format the server and start again or move elsewhere.

I know this is off-topic but can anybody recommend a decent managed server with UK/EU data servers for under £180 (inc. VAT)? I'm thinking it'll be better to have a professional looking after the site from now on.

lithos · 07-02-2012, 02:31 PM

Hi,

I'm sorry to read you had been hacked, but also glad you found it.
Since I'm not anywhere near UK I can't suggest you any hosting, sorry.

But if you will stay on the server and start setting all over again, try first to find how to securing SSH, then disabling unwanted domains to connect and enabling only your IP's.

It's an everyday job for system administrators to block the attacks from breaking in and securing as much as possible for a good night sleep.

funnyman · 07-02-2012, 02:37 PM

Thanks again Lithos. Luckily I’d only just started when this happened and didn’t have any sensitive information on the server so no real damage was done. For now, I think I’m better off with a professional looking after things to ensure business continuity.

Thank you for your links nonetheless; if I pick up another VPS for a smaller project, I’ll be sure to use the information you provided to add additional layers of security.

lithos · 07-02-2012, 02:40 PM

May I add you another point of RHEL administration guide for that reason,
a sh*tload of information to read and learn.

Good luck,

Best Regards