Change FTP Port
December 31, 2005 Posted by KP
After I changed the ssh port, combined with the changes to net.inet.tcp.blackhole and net.inet.udp.blackhole, the server is now completely free of ssh login attempts. I realized these two changes should be made together; it doesn’t make much sense to change only one of them. For example, if you only change the port, the server will still respond to port scans, and it will very probably get more scan activity. What if you only change the system variables? Since the ports of common services are the main target, the evil people can still easily find the ports to attack.
This reminded me of the ports of other common services, especially FTP. There are also lots of attempts on the anonymous FTP account; the messages in /var/log/messages look like:
pure-ftpd: [ERROR] Unable to set up secure anonymous FTP
I’m using pure-ftpd (switched from proftpd); installation was very easy and it has worked very well.
I used the command line to start pure-ftpd. But to change the port, a configuration file is necessary.
Copy or rename /usr/local/etc/pure-ftpd.conf.sample to /usr/local/etc/pure-ftpd.conf.
I changed “NoAnonymous no” to “NoAnonymous yes”.
The default configuration for port:
# IP address/port to listen to (default=all IP and port 21).
# Bind 127.0.0.1, 21
It should be very easy to change this, but I couldn’t figure out the format for “all IP”, very silly :-(.
Start pure-ftpd with the configuration file:
# /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
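A check that could be run before restarting the daemon, added here as an example and not part of the original post or of pure-ftpd: it reads a pure-ftpd.conf-style file, skips commented-out lines such as the sample's `# Bind` line, and warns if the port is still 21 or NoAnonymous is not yes. The function names are hypothetical, the sample config is constructed, and the script only parses text; it does not confirm which Bind syntax pure-ftpd itself accepts.

```shell
#!/bin/sh
# Added example (not from the original post): report the effective Bind port
# and NoAnonymous value in a pure-ftpd.conf-style file.

# effective_setting FILE KEY: value of the last active (uncommented) KEY line.
effective_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }   # commented-out sample lines are not active
        $1 == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$1"
}

# bind_port FILE: port from "Bind address,port"; 21 when nothing overrides it.
bind_port() {
    bind=$(effective_setting "$1" Bind)
    case "$bind" in
        *,*) port=$(printf '%s' "${bind##*,}" | tr -d ' \t') ;;
        *)   port="" ;;
    esac
    echo "${port:-21}"
}

# audit_conf FILE: print warnings; return 1 if either hardening step is missing.
audit_conf() {
    rc=0
    if [ "$(bind_port "$1")" = 21 ]; then
        echo "WARN: no active Bind line moves the listener off port 21"; rc=1
    fi
    if [ "$(effective_setting "$1" NoAnonymous)" != yes ]; then
        echo "WARN: NoAnonymous is not set to yes"; rc=1
    fi
    return $rc
}

# Constructed sample: the Bind line is still commented out, as in the .sample file.
sample_conf() {
    printf '%s\n' 'NoAnonymous yes' \
        '# IP address/port to listen to (default=all IP and port 21).' \
        '# Bind 127.0.0.1, 21'
}

# Audit the file named on the command line, if one was given.
if [ "${1:-}" ]; then audit_conf "$1"; fi
```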
May 13th, 2006 at 12:40 am
Add the following line to pure-ftpd.conf to allow all IP and port 123:
Bind ,123
May 14th, 2006 at 3:57 am
Thanks for the info. It didn’t seem to work; although the grammar is correct, pure-ftpd always ignored the configuration and used port 21.
February 14th, 2008 at 10:30 pm
I had similar frustrations and finally managed to get it working by using:
Bind 0.0.0.0,123
February 22nd, 2008 at 11:26 pm
I have found that if you use this method then all will be well for all IP and port; change the numbers to whatever you like for your port.
ENJOY PPL
Bind *,123
Put or change this in your pure-ftp config file.
HAVE FUN I DO