FTP login problem
Posted by crazyaboutlinux, 04-14-2009, 10:42 AM one of my client is facing to connect FTP server everyday. they have Dynamic ISP of BSNL BSNL is the India's Largest ISP provider we are using CSF 4.63 firewall so i just put their local ISP's IP addresss into etc/csf.allow/ file & they can able to login to FTP server but this problem is causing again once their local ISP's IP address gets changed it self so i just tell them that buy a new static IP instead of dyanmic but they do not agree with us & we don't want to add whole BSNL IP range in our server firewall this may cause problem to our server performance so whats the solutions for this
Posted by sirius, 04-14-2009, 10:47 AM Moved to Technical and Security Issues.... Sirius
Posted by Servosupport, 04-14-2009, 11:14 AM Hello, We are from India, for home user clients BSNL does not provide with static IP, and to get a business plan from BSNL is too expensive, where they provide with a static IP. You will have to check out with the client if he is in home plan or business plan, if he has a business plan then he can opt for a static IP address. Otherwise if he is in a home plan then the IP will keep changing. either you will have to configure the whole BSNL IP range in csf / or will have to find an option for the client to access FTP... Last edited by Servosupport; 04-14-2009 at 11:18 AM.
Posted by crazyaboutlinux, 04-15-2009, 01:17 AM Thats what i am trying to explain to WHT client has home plan not business & due to expensive client's do not want to buy a static IP. And we can't add whole IP range of BSNL in our csf.allow file because the whole IP range of BSNL are in poor reputation in senderbase.org & it can be affect to our server performance so can not add it You can check the same by clicking on below URL http://www.senderbase.org/senderbase...g=59.96.145.59 we want that client can able to loging to FTP server with Dynamic IP what is the alternate solutions for that Thanks ! Nilesh
Posted by WeWatch, 04-15-2009, 07:08 AM You can't have both. Either you're going to have to insist your client gets a static IP address or you're going to have to allow all of BSNL's IP addresses to access FTP. I think what you're trying to do by restricting the IP addresses to only allowed IPs is considered security by obscurity and doesn't address the problem correctly. First rather than insisting on static IP addresses, I would suggest you insist that clients do not use FTP but rather either SFTP or SSH. FTP sends username and password in plain text. It's easy to sniff. From there, if a client insists on not having a static IP address, then you should have them take full responsibility for their specific sites security. That's just my 2 cents.
Posted by crazyaboutlinux, 04-15-2009, 07:18 AM is it possible that client can use SFTP without normal or jailed shell access ??
Posted by Collabora, 04-15-2009, 09:22 AM Hello Nilesh, I don't see a problem here. BSNL's poor reputation appears to be spam-related. Opening port 21 to their customers shouldn't cause a problem on your servers.
Posted by crazyaboutlinux, 04-15-2009, 09:30 AM Means what ????? i got below details from /etc/csf.deny file 59.96.145.59 # lfd: 5 (mod_security) login failures from 59.96.145.59 in the last 300 secs - Tue Apr 14 19:01:02 2009 it may can help us guy's to resolve this issue
Posted by crazyaboutlinux, 04-21-2009, 08:55 AM is there anyone @ WHT can solve this ?????