CentOS 6, VSFTP
In a bid to secure our server for a production environment, we need to secure FTP as a vital step. FTP is one of the least secure and most exploited standard protocols on production servers today. Many hosting providers now take additional steps to secure FTP for this very reason.
I’m using VSFTP (Very Secure FTP). Let’s change the default FTP port in a bid to improve our server security. We need to edit the /etc/vsftpd/vsftpd.conf file.
    $ vi /etc/vsftpd/vsftpd.conf
First, we disable the connect_from_port_20 option and specify a new data port (typically one port number lower than our connection port):

    # set this to NO...
    connect_from_port_20=NO
    # define new data port (one number lower than connection port)
    ftp_data_port=1233
Now we add or edit the following lines to change the port:

    # non-standard FTP port
    listen_port=1234

Don’t be tempted to use 2121! I’m sure that was hard to come up with, but these crackers are smart folks 😉 Also, I would recommend you use a port higher than 1024 and make sure it is not in use by something else.
Once you have edited the file, save and close it and restart the service for changes to take effect:

    /etc/init.d/vsftpd restart
    # OR
    service vsftpd restart

Done! We changed the port and greatly upped our server security in the process. Don’t forget to change firewall rules for your new port, and secure port 21.
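
A quick lint to run on the edited file before restarting the service. This is an added example, not part of the original post; the function names conf_get, is_number and check_vsftpd_ports are made up for it, and it treats the post's "one port lower" convention as a hard rule.

```shell
#!/bin/bash
# Added example: lint the vsftpd.conf port settings discussed in this post.

# Print the value of the last uncommented "key=value" line for KEY.
# Assumption: a later setting overrides an earlier one for the same key.
conf_get() {  # usage: conf_get FILE KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Succeed only for a non-empty string of digits.
is_number() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# Return 0 when FILE follows the post's advice, 1 otherwise.
check_vsftpd_ports() {  # usage: check_vsftpd_ports FILE
    listen=$(conf_get "$1" listen_port)
    data=$(conf_get "$1" ftp_data_port)
    from20=$(conf_get "$1" connect_from_port_20)
    rc=0

    if ! is_number "$listen"; then
        echo "FAIL: listen_port is not set (vsftpd falls back to port 21)"
        return 1
    fi
    if [ "$listen" -le 1024 ] || [ "$listen" -gt 65535 ]; then
        echo "FAIL: listen_port=$listen is outside 1025-65535"; rc=1
    fi
    if [ "$listen" -eq 2121 ]; then
        echo "FAIL: listen_port=2121 is the alternative the post warns against"; rc=1
    fi
    if ! is_number "$data" || [ "$data" -ne $((listen - 1)) ]; then
        echo "FAIL: ftp_data_port=${data:-unset}, expected $((listen - 1))"; rc=1
    fi
    if [ "$from20" != "NO" ]; then
        echo "FAIL: connect_from_port_20=${from20:-unset}, expected an explicit NO"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: listen_port=$listen ftp_data_port=$data"
    return "$rc"
}

# Lint the file named on the command line, if one was given.
if [ -n "${1:-}" ]; then
    check_vsftpd_ports "$1"
fi
```

Save it as a script and pass /etc/vsftpd/vsftpd.conf as the only argument; a non-zero exit status means at least one setting does not match the steps above.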