Skip to main content
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
lRRadmin
New

FXP = File EXCHANGE Protocol = NOT! ftp

Does GoDaddy Web HOSTING support FXP?

NOT "ftp" = if you do not know what it is and HOW TO USE IT = then please do not comment. Thank you.

After 21 years at another Web Hosting Company, I have secured a GD "Maximum" hosting plan.

Problem 1 : zero ACCURATE info available online. Null. Void. The empty set.

Problem 2: I cannot get ANYBODY from GD Tech Support who can answer a simple question (yesterday = 8.5 hours wasted, thank you very much).

Today: I have WASTED another 90 minutes trying to find out whether GD supports FXP (File eXchange Protocol).

Number of Times I have searched GD for answers: ca. 10,000 times over the last 21 YEARS.

Number of times I found accurate + reliable (current) info: less than 7 times in 21 YEARS!

What?

I have to go to Google to find out how to use GoDaddy?

How is that working out for you, duh?

Mark A Rector

Maximum Hosting Account domain NAME: Cuffway.com

[hint: "cuffway" = the name |\| ".com" = the DOMAIN = you canNOT sell the commercial domain, you do not own it.]

p.s. Fix this now, or I am out of here forever.

 

mit freundlichen grüßen / inchristi / στοχριστί / kind regards,

your servant (mark)

1 ACCEPTED SOLUTION
PL281
Super User IV

@lRRadmin 

 

From what I read online FXP it disabled by default do to security reasons - as such I would make an assumption that it is not available on the cPanel server. 

I would propose an alternative which is available via ssh which is scp (Secure Copy)

 

Below are the instruction for using scp

 

If you absolutely must use FXP then you will more than likely need to use a VPS server vs a cPanel server - the instructions for enabling FXP are also below - please note it is advised that you disable FXP as soon as you are done with it.

SCP examples
Copy file from a remote host to local host SCP example:

$ scp username@from_host:file.txt /local/directory/


Copy file from local host to a remote host SCP example:

$ scp file.txt username@to_host:/remote/directory/


Copy directory from a remote host to local host SCP example:

$ scp -r username@from_host:/remote/directory/  /local/directory/


Copy directory from local host to a remote hos SCP example:

$ scp -r /local/directory/ username@to_host:/remote/directory/


Copy file from remote host to remote host SCP example:

$ scp username@from_host:/remote/directory/file.txt username@to_host:/remote/directory/


Notes:

— SCP example:  scp -r  root@123.123.123.123:/var/www/html/ /home/hydn/backups/test/ 

— Host can be IP or domain name. Once you click return, you will be prompted for SSH password.

— When copying a source file to a target file which already exists, scp will replace the contents of the target file. So be careful.

 

 

How to enable FXP on a VPS 

The File eXchange Protocol allows a user to establish a direct FTP connection between two remote servers. This allows a user to directly transfer files between the two servers using FTP without the need to download and upload the files to the user's local machine. This direct FTP connection between the two machines allows for the transfer of files to and from on both machines and for the data transfer request to be initiated via the client's connection to either server.

FXP is disabled in FTP by default due to security concerns. Those concerns exist because FXP can enable an attacker to use the PORT command to port scan victim machines as well as use a proxy machine to access otherwise inaccessible ports. These attacks are known as FTP bounce attacks. Enabling FXP enables the PORT command, thus allowing such attacks to occur.

If you must enable FXP to transfer files between servers, FXP must be enabled in the FTP configuration on the servers. You can use the following to confirm whether or not it is disabled:

PureFTP
grep -i fxp /etc/pure-ftpd.conf
ProFTP
grep -i AllowForeignAddress /etc/proftpd.conf
You would need to change AllowFUserFXP to 'yes' on both servers if not already set.

 

cPanel
To do so, you should not edit the main FTP configurations files as they will be overwritten by cPanel with updates. Instead, you should edit the templates that cPanel uses if you want these changes to be preserved.

Pure-FTPd servers
echo "AllowUserFXP: 'yes'" >> /var/cpanel/conf/pureftpd/local
/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force
ProFTPd servers
echo "AllowForeignAddress On" >> /var/cpanel/conf/proftpd/local
/usr/local/cpanel/scripts/setupftpserver proftpd --force


DirectAdmin
For DirectAdmin, you simply just edit the FTP configuration file and restart FTP.

PureFTP
You will add "AllowUserFXP: 'yes'"
nano /etc/pure-ftpd.conf
service pure-ftpd restart
ProFTP
You will add "AllowForeignAddress On" to the top-most block of settings.
nano /etc/proftpd.conf
service proftpd restart


Enabling the Passive Port Range
If you need to configure the passive port range for FTP, here are the instructions to be ran as root via SSH.

 

cPanel
Pure-FTPd servers
echo "PassivePortRange: 30000 30100" >> /var/cpanel/conf/pureftpd/local
/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force
ProFTPd servers
echo "PassivePorts: 30000 30100" >> /var/cpanel/conf/proftpd/local
/usr/local/cpanel/scripts/setupftpserver proftpd --force


DirectAdmin
For DirectAdmin, you simply just edit the FTP configuration file to include "PassivePortRange 35000 35100 " and restart FTP (KnownHost sets this by default).

PureFTP
nano /etc/pure-ftpd.conf
service pure-ftpd restart
ProFTP
nano /etc/proftpd.conf
service proftpd restart


CSF/LFD Firewall
You may also need to adjust the open ports in your firewall to allow ports for passive FTP. You can attempt the connection to the target server while tailing /var/log/messages to see what ports are being attempted so that you may determine the port range that would need to be opened in the firewall.

Those logs indicate a firewall port blocking issue:

[T] 425 Could not open data connection to port 50007: Connection timed out
[i] Transfer Failed: .htaccess
[T] 425 Could not open data connection to port 50008: Connection timed out
[i] Transfer Failed: favicon.ico
Adjusting the ports in Knownhost's DirectAdmin and cPanel servers involves editing the CSF/LFD configuration file. The passive ports may need to be opened in each server (edit /etc/csf/csf.conf files' TCP_IN/TCP_OUT settings, then run 'csf -ra' to restart):

Knownhost limits the open FTP Passive Ports to the range from 30000 to 30100 in cPanel and from 35000 to 35100 in DirectAdmin for PureFTP, but cPanel's default settings is described below 1) How to Enable FTP Passive Mode in cPanel:

In cPanel & WHM version 60 and later, the system enables passive ports 49152 through 65534 for Pure-FTPd servers and ProFTPd servers by default. If you use the CSF firewall plugin, the system also adds passive port ranges to your server's firewall by default.

So you may be required to edit the either the firewall or FTP configuration so that the ports used in both the FTP server and the firewall to match. It is advised to continue to limit the accessible ports as much as possible, so you will want to try to keep this in mind when choosing which to edit and how.

Both DirectAdmin and cPanel servers have a graphical user interface that one can use to adjust the configuration file. You can also edit the open ports in WHM's ConfigServ Security & Firewall section → "csf - ConfigServer Firewall" section –> "Firewall Configuration" button.

It is advised to disable FXP once done to prevent the possibility of FTP bounce attacks.

I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community

View solution in original post

1 REPLY 1
PL281
Super User IV

@lRRadmin 

 

From what I read online FXP it disabled by default do to security reasons - as such I would make an assumption that it is not available on the cPanel server. 

I would propose an alternative which is available via ssh which is scp (Secure Copy)

 

Below are the instruction for using scp

 

If you absolutely must use FXP then you will more than likely need to use a VPS server vs a cPanel server - the instructions for enabling FXP are also below - please note it is advised that you disable FXP as soon as you are done with it.

SCP examples
Copy file from a remote host to local host SCP example:

$ scp username@from_host:file.txt /local/directory/


Copy file from local host to a remote host SCP example:

$ scp file.txt username@to_host:/remote/directory/


Copy directory from a remote host to local host SCP example:

$ scp -r username@from_host:/remote/directory/  /local/directory/


Copy directory from local host to a remote hos SCP example:

$ scp -r /local/directory/ username@to_host:/remote/directory/


Copy file from remote host to remote host SCP example:

$ scp username@from_host:/remote/directory/file.txt username@to_host:/remote/directory/


Notes:

— SCP example:  scp -r  root@123.123.123.123:/var/www/html/ /home/hydn/backups/test/ 

— Host can be IP or domain name. Once you click return, you will be prompted for SSH password.

— When copying a source file to a target file which already exists, scp will replace the contents of the target file. So be careful.

 

 

How to enable FXP on a VPS 

The File eXchange Protocol allows a user to establish a direct FTP connection between two remote servers. This allows a user to directly transfer files between the two servers using FTP without the need to download and upload the files to the user's local machine. This direct FTP connection between the two machines allows for the transfer of files to and from on both machines and for the data transfer request to be initiated via the client's connection to either server.

FXP is disabled in FTP by default due to security concerns. Those concerns exist because FXP can enable an attacker to use the PORT command to port scan victim machines as well as use a proxy machine to access otherwise inaccessible ports. These attacks are known as FTP bounce attacks. Enabling FXP enables the PORT command, thus allowing such attacks to occur.

If you must enable FXP to transfer files between servers, FXP must be enabled in the FTP configuration on the servers. You can use the following to confirm whether or not it is disabled:

PureFTP
grep -i fxp /etc/pure-ftpd.conf
ProFTP
grep -i AllowForeignAddress /etc/proftpd.conf
You would need to change AllowFUserFXP to 'yes' on both servers if not already set.

 

cPanel
To do so, you should not edit the main FTP configurations files as they will be overwritten by cPanel with updates. Instead, you should edit the templates that cPanel uses if you want these changes to be preserved.

Pure-FTPd servers
echo "AllowUserFXP: 'yes'" >> /var/cpanel/conf/pureftpd/local
/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force
ProFTPd servers
echo "AllowForeignAddress On" >> /var/cpanel/conf/proftpd/local
/usr/local/cpanel/scripts/setupftpserver proftpd --force


DirectAdmin
For DirectAdmin, you simply just edit the FTP configuration file and restart FTP.

PureFTP
You will add "AllowUserFXP: 'yes'"
nano /etc/pure-ftpd.conf
service pure-ftpd restart
ProFTP
You will add "AllowForeignAddress On" to the top-most block of settings.
nano /etc/proftpd.conf
service proftpd restart


Enabling the Passive Port Range
If you need to configure the passive port range for FTP, here are the instructions to be ran as root via SSH.

 

cPanel
Pure-FTPd servers
echo "PassivePortRange: 30000 30100" >> /var/cpanel/conf/pureftpd/local
/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force
ProFTPd servers
echo "PassivePorts: 30000 30100" >> /var/cpanel/conf/proftpd/local
/usr/local/cpanel/scripts/setupftpserver proftpd --force


DirectAdmin
For DirectAdmin, you simply just edit the FTP configuration file to include "PassivePortRange 35000 35100 " and restart FTP (KnownHost sets this by default).

PureFTP
nano /etc/pure-ftpd.conf
service pure-ftpd restart
ProFTP
nano /etc/proftpd.conf
service proftpd restart


CSF/LFD Firewall
You may also need to adjust the open ports in your firewall to allow ports for passive FTP. You can attempt the connection to the target server while tailing /var/log/messages to see what ports are being attempted so that you may determine the port range that would need to be opened in the firewall.

Those logs indicate a firewall port blocking issue:

[T] 425 Could not open data connection to port 50007: Connection timed out
[i] Transfer Failed: .htaccess
[T] 425 Could not open data connection to port 50008: Connection timed out
[i] Transfer Failed: favicon.ico
Adjusting the ports in Knownhost's DirectAdmin and cPanel servers involves editing the CSF/LFD configuration file. The passive ports may need to be opened in each server (edit /etc/csf/csf.conf files' TCP_IN/TCP_OUT settings, then run 'csf -ra' to restart):

Knownhost limits the open FTP Passive Ports to the range from 30000 to 30100 in cPanel and from 35000 to 35100 in DirectAdmin for PureFTP, but cPanel's default settings is described below 1) How to Enable FTP Passive Mode in cPanel:

In cPanel & WHM version 60 and later, the system enables passive ports 49152 through 65534 for Pure-FTPd servers and ProFTPd servers by default. If you use the CSF firewall plugin, the system also adds passive port ranges to your server's firewall by default.

So you may be required to edit the either the firewall or FTP configuration so that the ports used in both the FTP server and the firewall to match. It is advised to continue to limit the accessible ports as much as possible, so you will want to try to keep this in mind when choosing which to edit and how.

Both DirectAdmin and cPanel servers have a graphical user interface that one can use to adjust the configuration file. You can also edit the open ports in WHM's ConfigServ Security & Firewall section → "csf - ConfigServer Firewall" section –> "Firewall Configuration" button.

It is advised to disable FXP once done to prevent the possibility of FTP bounce attacks.

I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community

View solution in original post