saurabh
By:
saurabh

FTP setup for Ubuntu 14.04 - vsftpd or proftpd ?

July 9, 2014 21.6k views

Hi,

I have an Ubuntu 14.04 deployed on my droplet. I'm using it for running multiple websites (one of which is written in core-php and other are Joomla! based). Now, on each website, there are options for visitors to register and submit posts and add attachments to their posts.

While uploading these files, the code uses FTP layer for uploads. I don't want users to upload files through browser but utilize FTP layer. Although it may look like uploading from browser to a usual user but on backend, the application should utilize FTP for uploads.

Now my questions are:

  1. Primary objective to install FTP daemon on m y droplet is to allow file uploads by website visitors over FTP and not through web-browser. Which option is safer and better - vsftpd or proftpd?

  2. While FTP is not a recommended solution, is there a way to allow such file uploads on SFTP? If yes, then how can it be achieved through Joomla! and on a core-php code?

  3. If I use FTP for uploads, but restrict such FTP requests to my server IP, then would it work? And if it would, then is it a good solution to prevent unauthorized server access through FTP?

  4. If I use FTP, then I have to keep port 21 open in UFW. Although I may restrict user access to certain directory (chroot) and also disallow user from any other IP than the server itself, still port 21 is open. How to ensure that no intrusion happens while the port in open?

--
Regards
Saurabh

1 comment
  • Hi Saurabh,

    I do not know much about proftpd, but I would use vsftpd. You do not have to keep port 21 open, you can use WinSCP to authenticate with your ssh private keys and send encrypted traffic over port 22. You can also change this port but be warned that takes additional effort to recompile how things work but makes things even more secure.

    I have add this set up for some time and it is more secure then using an external ftp resource.

    You can also look at Advance Policy Firewall (APF) by R-fx Networks.

    https://www.rfxn.com/projects/advanced-policy-firewall/

    Best wishes!

1 Answer

Hi,

No reply???? I mean no one??

Anyways, I chose proftpd over vsftpd....and took some additional security measures like:

a. Changed FTP port number in proftpd configuration

b. Installed fail2ban, Tripwire & ufw

c. Disabled root

Now my queries is: Can I use SFTP for uploads? Here uploads refers to - <uploading an image for their profile>, <'doc' files for sharing> etc... by registered users of my websites. If yes, then is it enabled just as same as we enable FTP uploads in Joomla! and core-php?

--
Regards
Saurabh

Have another answer? Share your knowledge.