Current time: 11-15-2024, 12:48 PM Hello There, Guest! (LoginRegister)


Thread Closed 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[IN-USE]proftp authentifizierung dauert zulange
Author Message
meisterklopfer Offline
Newbie
*

Posts: 7
Joined: Jan 2010
Reputation: 0
Post: #1
[IN-USE]proftp authentifizierung dauert zulange
Hi !

info:
ispcp 1.0.2

haben da so einige kunden in production und der login dauert aufeinmal sehr lange. kunden berichten von timeouts aber hauptsächlich hängts bei der authentifizierung.
habs mit ftp loclahost probiert und es dauert auch sehr lange Sad




----------------------------------------------------------------
proftpd config:
Code:
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                    off

ServerName                 "xxxx.xxxxx.xxxxx"
ServerType                 standalone
DeferWelcome               off

MultilineRFC2228           on
DefaultServer              on  
ShowSymlinks               on

AllowOverwrite             on
UseReverseDNS              off
IdentLookups               off
AllowStoreRestart          on  
AllowForeignAddress        on

LogFormat                  traff "%b %u"

TimeoutLogin               300


TimeoutNoTransfer          600
TimeoutStalled             600
TimeoutIdle                1200

DisplayLogin               welcome.msg
DisplayChdir          message

ListOptions                "-l"
#LsDefaultOptions           "-l"

DenyFilter                 \*.*/

DefaultRoot                ~

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd         off

# Port 21 is the standard FTP port.
Port                       21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
#PassivePorts               49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works  
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances               30

# Set the user and group that the server normally runs at.
User                       nobody
Group                      nogroup

# Normally, we want files to be overwriteable.
<Directory /*>
  # Umask 022 is a good standard umask to prevent new files and dirs
  # (second parm) from being group and world writable.
Umask                    022  022
  # Normally, we want files to be overwriteable.
  AllowOverwrite           on
  HideNoAccess             on
</Directory>

<Limit ALL>
  IgnoreHidden             on
</Limit>

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile               off

<Global>
  RootLogin                off
  TransferLog              /var/log/proftpd/xferlog
  ExtendedLog              /var/log/proftpd/ftp_traff.log read,write traff
  PathDenyFilter           "\.quota$"
</Global>

# Loading required modules
<IfModule !mod_sql.c>
  LoadModule mod_sql.c
</IfModule>
<IfModule !mod_sql_mysql.c>
  LoadModule mod_sql_mysql.c
</IfModule>
<IfModule !mod_quotatab.c>
  LoadModule mod_quotatab.c
</IfModule>
<IfModule !mod_quotatab_sql.c>
  LoadModule mod_quotatab_sql.c
</IfModule>


#
# SSL via TLS
#
<IfModule mod_tls.c>
  TLSEngine                on                           # on for use of TLS
  TLSLog                   /var/log/proftpd/ftp_ssl.log  # where to log to
  TLSProtocol              SSLv23                        # SSLv23 or TLSv1
  TLSOptions               NoCertRequest                 # either to request the certificate or not
  
  #TLSRSACertificateFile    /etc/proftpd/ssl.crt          # SSL certfile
  #TLSRSACertificateKeyFile /etc/proftpd/ssl.key          # SSL keyfile

  TLSRSACertificateFile    /etc/ssl/certs/proftpd.crt
  TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key

  TLSVerifyClient          off                           # client verification
</IfModule>

#
# ISPCP Quota management;
#
<IfModule mod_quotatab.c>
  QuotaEngine              on
  QuotaShowQuotas          on
  QuotaDisplayUnits        Mb

  SQLNamedQuery            get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avai
  SQLNamedQuery            get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_
  SQLNamedQuery            update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer
  SQLNamedQuery            insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies

  QuotaLock                /var/run/proftpd/tally.lock
  QuotaLimitTable          sql:/get-quota-limit
  QuotaTallyTable          sql:/get-quota-tally/update-quota-tally/insert-quota-tally
</IfModule>

<IfModule mod_ratio.c>
  Ratios                   on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
  DelayEngine              on
</IfModule>

<IfModule mod_ctrls.c>
  ControlsEngine           on
  ControlsMaxClients       2
  ControlsLog              /var/log/proftpd/controls.log
  ControlsInterval         5
  ControlsSocket           /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
  AdminControlsEngine      on
</IfModule>

# ispCP SQL Managment
AuthOrder                  mod_sql.c
SQLBackend                 mysql
SQLAuthTypes               Crypt
SQLAuthenticate            on  
SQLConnectInfo             ispcp@localhost vftp xxxxxxx
SQLUserInfo                ftp_users userid passwd uid gid homedir shell
SQLGroupInfo               ftp_group groupname gid members
SQLMinUserUID              2000
SQLMinUserGID              2000

# A basic anonymous configuration, no upload directories.

Include /etc/proftpd/ispcp/*
(This post was last modified: 04-23-2010 08:02 AM by ZooL.)
04-22-2010 11:12 PM
Find all posts by this user
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #2
RE: proftp authentifizierung dauert zulange
Try do comment the last line in the config like this
Code:
# Include /etc/proftpd/ispcp/*
restart proftpd and test it again.
But after this change the customers are able to delete all their folders like backups, htdocs...

Greez BeNe
04-22-2010 11:35 PM
Visit this user's website Find all posts by this user
meisterklopfer Offline
Newbie
*

Posts: 7
Joined: Jan 2010
Reputation: 0
Post: #3
RE: proftp authentifizierung dauert zulange
(04-22-2010 11:35 PM)BeNe Wrote:  Try do comment the last line in the config like this
Code:
# Include /etc/proftpd/ispcp/*
restart proftpd and test it again.
But after this change the customers are able to delete all their folders like backups, htdocs...

Greez BeNe


dosen't work Sad
04-22-2010 11:38 PM
Find all posts by this user
tomhb Offline
Member
***

Posts: 336
Joined: Apr 2010
Reputation: 4
Post: #4
RE: proftp authentifizierung dauert zulange
(04-22-2010 11:12 PM)meisterklopfer Wrote:  <IfModule mod_delay.c>
DelayEngine on
</IfModule>

Zum Testen koenntest Du mal "DelayEngine off" probieren, manche clients kommen damit nicht so gut zurecht. Der Hintergrund der DelayEngine ist zwar schoen und gut, bei guten Passwoertern und TLS aber auch nicht ganz so wichtig.
04-23-2010 02:11 AM
Find all posts by this user
Jones007 Offline
Junior Member
*

Posts: 29
Joined: Apr 2010
Reputation: 0
Post: #5
RE: proftp authentifizierung dauert zulange
UseReverseDNS off
IdentLookups off

in die <global></global> direktive reintun
(This post was last modified: 04-23-2010 05:07 AM by Jones007.)
04-23-2010 05:05 AM
Find all posts by this user
fulltilt Offline
Member
***

Posts: 1,225
Joined: Apr 2007
Reputation: 5
Post: #6
RE: proftp authentifizierung dauert zulange
habs so ähnlich gemacht mit einem alten proftpd include:
http://www.isp-control.net/forum/thread-9064.html

danach proftpd neu starten !!!

(04-22-2010 11:35 PM)BeNe Wrote:  Try do comment the last line in the config like this
Code:
# Include /etc/proftpd/ispcp/*
restart proftpd and test it again.
But after this change the customers are able to delete all their folders like backups, htdocs...

Greez BeNe
04-25-2010 09:35 PM
Find all posts by this user
Thread Closed 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)