FTP Error: 500 Invalid PORT Command


FTP Error: 500 Invalid PORT Command John Kotuby
2/8/2006 4:10:53 PM
iis ftp:
Hi all,

We have an FTP service residing on a Win2K server behind a firewall/router
on our local LAN. We use this FTP service to send/retrieve files from remote
customer sites over the public Internet. The FTP site requires a login.

Recently we were getting System messages that a "bot" of some sort was
trying to log into the Guest or Administrateur account every second. Of
course we had the Guest account disabled and for some reason the "bot" was
not trying to log into Administrator account. I immediately shut down the
FTP service and then configured the firewall to use a virtual IP that would
send external requests from a higher numbered Port to Port 21 on our FTP
server.

From a remote site I was able to log in, but as soon as the directory
listing was requested, I would get the 500 Invalid PORT Command error. After
some experimentation I found that if I set the Internet Options to Use
Passive FTP, the problem seemed to disappear. In searching for MS
documentation about that error, I did not see that technique mentioned.
There were articles about "ephemeral" communications ports being requested
by the FTP client under certain circumstances leading to the 500 error, but
no clear instructions about how to remedy the problem. Most just mentioned
that it was a problem requiring proper firewall configuration, but no mention
of what that configuration entailed. I would appreciate being pointed to an
article that clearly explains how to run FTP on an alternate Port
configuration without encountering a problem.

Also, is there any way to remove the Administrator account when specifying
that Anonymous login is not to be used? In IIS manager I see no way of
removing the Administrators group even if I specify a particular login.
Every hacker in the world usually attacks the Administrator account.

My next option is to use a webDAV enabled folder with SSL on our internal
web server instead of FTP, but I am having trouble configuring Certificate
Services on our Win2003 server such that it will generate a certificate for
our Win2K server, which is the default remote access machine. But I guess
that question is for another newsgroup.

Thanks all in advance...

Re: FTP Error: 500 Invalid PORT Command Bernard Cheah [MVP]
2/24/2006 12:00:00 AM
Well, the invalid 500 port error is related to NAT, and my understanding is
that - your NAT is not doing its job when ftp is not binding on the default
port. There are too many posts regarding the NAT and 500 error. I would
suggest you try Google Groups.

Next, for the administrator account, what you can do is make sure the
administrator account has NO access to the ftp folder and files at all. This
can be done by removing NTFS permissions for the admin account. When a hacker
tries to log in, they will get access denied even if they got the correct password.

For your webdav issue, you can post to the .iis general group.



--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/
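
The NAT-related failure discussed in this thread, as an added example that is not part of either post: an active-mode client behind NAT sends its private address in the PORT argument, and a server that compares that address with the control connection's source rejects it unless the NAT device rewrites the command. The rejection policy below is an assumed model of a strict server, not IIS code, and all addresses are constructed.

```python
import ipaddress

# Constructed sample values (RFC 1918 and documentation address ranges).
CLIENT_PRIVATE_PORT_CMD = "PORT 192,168,1,50,19,137"   # what the client sends
NAT_REWRITTEN_PORT_CMD = "PORT 203,0,113,10,19,137"    # what a working NAT helper forwards
CONTROL_PEER_IP = "203.0.113.10"                       # source address the server sees


def parse_port_argument(arg):
    """Decode the h1,h2,h3,h4,p1,p2 argument of an FTP PORT command (RFC 959)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    nums = [int(p) for p in parts]
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]          # high byte, low byte
    return host, port


def check_port_command(line, control_peer_ip):
    """Return the reply a strict server would give to a PORT command.

    Assumed policy: refuse a data address that differs from the control
    connection's source address, and refuse ports below 1024. This is the
    usual defence against third-party (bounce) data connections.
    """
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command: %r" % line)
    try:
        host, port = parse_port_argument(arg)
    except ValueError:
        return "500 Invalid PORT Command."
    if host != ipaddress.IPv4Address(control_peer_ip) or port < 1024:
        return "500 Invalid PORT Command."
    return "200 PORT command successful."


if __name__ == "__main__":
    for cmd in (CLIENT_PRIVATE_PORT_CMD, NAT_REWRITTEN_PORT_CMD):
        print(cmd, "->", check_port_command(cmd, CONTROL_PEER_IP))
```

Passive mode avoids this check because the client sends PASV instead of PORT and opens the data connection itself.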

