Change Default FTP Port For VSFTP

CentOS 6, VSFTP

In a bid to secure our server for a production environment, we need to secure FTP as a vital step. FTP is one of the least secure and most exploited standard protocols on production servers today. Many hosting providers now take additional steps to secure FTP for this very reason.

I’m using VSFTP (Very Secure FTP). Let’s change the default FTP port in a bid to improve our server security. We need to edit the /etc/vsftpd/vsftpd.conf file.

$ vi /etc/vsftpd/vsftpd.conf

First, we set the connect_from_port_20 option to NO and specify a new data port (typically one port number lower than our connection port):

# set this to NO...
connect_from_port_20=NO
# define new data port (one number lower than connection port)
ftp_data_port=1233

Now we add or edit the following lines to change the port:

# non-standard FTP port
listen_port=1234

Don’t be tempted to use 2121! I’m sure that was hard to come up with, but these crackers are smart folks 😉 Also, I would recommend you use a port higher than 1024 and make sure it is not in use by something else.

Once you have edited the file, save and close it and restart the service for changes to take effect:

/etc/init.d/vsftpd restart
# OR
service vsftpd restart

Done! We changed the port and greatly upped our server security in the process. Don’t forget to change firewall rules for your new port, and secure port 21.
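
A pre-restart check for the settings above, added here as an example (it is not part of the original article): it reads the three vsftpd.conf options, applies the article's advice (not 21 or 2121, higher than 1024, data port one lower than the connection port), and looks for a conflicting listener in captured `ss -ltn` output. The function names and the sample inputs are assumptions made for this example.

```bash
# Added example (not from the article): check vsftpd port settings before a restart.

# Print the value of KEY from a vsftpd.conf-style file (KEY=VALUE, no spaces
# around '='). If KEY is set more than once, the last occurrence is reported.
conf_get() {  # usage: conf_get FILE KEY
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1" | tr -d '[:space:]'
}

# Succeed if PORT is a local listening port in `ss -ltn` output read from stdin.
port_listening() {  # usage: ss -ltn | port_listening PORT
    awk -v p="$1" 'NR > 1 { n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit !found }'
}

# Check CONF against the article's advice. LISTENERS is a file of `ss -ltn`
# output captured while vsftpd is stopped. Prints findings; returns 1 if any.
check_vsftpd_ports() {  # usage: check_vsftpd_ports CONF LISTENERS
    local lp dp c20 bad=0
    lp=$(conf_get "$1" listen_port)
    dp=$(conf_get "$1" ftp_data_port)
    c20=$(conf_get "$1" connect_from_port_20)
    case "$lp" in
        ''|*[!0-9]*|0*) echo "listen_port is missing or not a plain number"; return 1 ;;
    esac
    if [ "$lp" -eq 21 ] || [ "$lp" -eq 2121 ]; then
        echo "listen_port=$lp is the default or the obvious alternative"; bad=1
    fi
    if [ "$lp" -le 1024 ] || [ "$lp" -gt 65535 ]; then
        echo "listen_port=$lp is outside 1025-65535"; bad=1
    fi
    if [ "$dp" != "$((lp - 1))" ]; then
        echo "ftp_data_port=${dp:-unset}, expected $((lp - 1))"; bad=1
    fi
    if [ "$c20" != "NO" ]; then
        echo "connect_from_port_20=${c20:-unset}, expected NO"; bad=1
    fi
    if port_listening "$lp" < "$2"; then
        echo "port $lp already has a listener"; bad=1
    fi
    return "$bad"
}

# Constructed sample input: the article's settings and a made-up `ss -ltn` capture.
demo=$(mktemp -d)
printf '%s\n' '# non-standard FTP port' 'listen_port=1234' \
    'connect_from_port_20=NO' 'ftp_data_port=1233' > "$demo/vsftpd.conf"
printf '%s\n' 'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
    'LISTEN 0      128    *:22               *:*' > "$demo/listeners.txt"
check_vsftpd_ports "$demo/vsftpd.conf" "$demo/listeners.txt" && echo "settings look consistent"
```

On the server, capture the listeners with `ss -ltn > listeners.txt` while vsftpd is stopped and pass /etc/vsftpd/vsftpd.conf as the first argument.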