Another vulnerable port on any server is the port 21 which is the FTP port being used for file transfer to and from the server. Hacker can exploit this port through Brute Force attacks. It is advised to turn off this port and use the SSH port for SFTP file transfer.
Disabling FTP Port 21
- As a prerequisite, ensure that your SSH port is operational and you are able to access SFPT through the SSH port.
- Login to Putty with your user account that has root privileges
- Use the below command to deny port 21 in UFW (Firewall)
$ ufw deny 21/tcp
Output
Rules updated
Rules updated (v6)
- Confirm the same by checking the list of rules added to the UFW firewall:
$ ufw show added
Output
ufw deny 21/tcp
- Then kill the application running on the given port by using the below command:
$ fuser -k 21/tcp
- To verify that port 21 is disabled in firewall and closed on the server, use the NMAP software to scan the server.
- Port 21 will not appear in the scan results.
- To re-run the FTP service once again, run the below command:
/etc/init.d/proftpd restart
OR
service proftpd restart
OR (Depending on whether your server is using Pure FTP or Pro FTP)
/etc/init.d/pure-ftpd restart
OR
service pure-ftpd restart
