Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Disabling FTP Service

Featured Replies

I'm using v5b13 and it appears there's an FTP service running with default user nobody and password xampp.  Is this a required service?  If not, how does one disable it?  And if it is a required service, can one change the password without adversely affecting the system?  If so, how?

  • Author

Was wondering if there was any input on this?  I was quite surprised to find out that this service was present and activated by default as it presents a security risk.  Thanks!

vsftpd is installed and running by default.

 

Not quite sure how to turn it off, but it should be possible to find an answer with a little google searching.

vsftpd is installed and running by default.

 

Not quite sure how to turn it off, but it should be possible to find an answer with a little google searching.

And with that in mind here is what I found with said Google search.  Opps forgot to say this was for RedHat but may work on unRAID as well.

 

  • Author

@prostuff1

 

I wasn't aware that an FTP service was installed by default and the security vulnerability wasn't brought to my attention until a scan was done by IT.  In any case, I presume that there is a reason that vsftpd was installed and don't want to disable it if it will adversely affect the server.  

 

 

And with that in mind here is what I found with said Google search.  Opps forgot to say this was for RedHat but may work on unRAID as well.

 

 

Unless I'm missing something, those commands will not work.  It looks like I can disable vsftpd by commenting out this line in inetd.conf :

 

ftp    stream  tcp    nowait  root    /usr/sbin/tcpd  vsftpd

 

But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole.  This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo.

And with that in mind here is what I found with said Google search.  Opps forgot to say this was for RedHat but may work on unRAID as well.

 

 

Unless I'm missing something, those commands will not work.  It looks like I can disable vsftpd by commenting out this line in inetd.conf :

 

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd

 

But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole.  This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo.

Glad you found a possible solution I know just enough about Linux to get me into trouble which is why I added the RedHat qualification.

And with that in mind here is what I found with said Google search.  Opps forgot to say this was for RedHat but may work on unRAID as well.

 

 

Unless I'm missing something, those commands will not work.  It looks like I can disable vsftpd by commenting out this line in inetd.conf :

 

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd

 

But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole.  This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo.

Glad you found a possible solution I know just enough about Linux to get me into trouble which is why I added the RedHat qualification.

You'll need to comment out the line, then re-start inetd so it does not try to re-invoke it, then kill any existing process.

 

these three lines in your config/go script will probably do it:

sed -i -e "s/^ftp/##ftp/" /etc/inetd.conf

/etc/rc.d/rc.inetd restart

killall vsfptd

 

 

  • Author

@ dgaschk

 

IT was doing a scan of the network, and found the vulnerability.  I wasn't aware that xampp was part of the unraid distribution, so was surprised to see that the FTP service was present.  I tried to login with the credentials given, and it worked even without the array started.

 

@ Joe L.

 

Thanks for the more comprehensive solution.  If FTP isn't needed, and is a security risk, shouldn't it be disabled in future releases, or at least given instructions how to change the login/password?

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.