• I received a letter today from my ISP saying that Word Press is attempting to do something called “port binding” and says I need to edit or debug the script. I have no idea how to do this; I am not a programmer. Can anyone help direct me through this? I don’t even know where to start. The text of the email follows :

    ————————————-

    It has come to our attention that you have a script/application in your
    webspace that is attempting to bind a port to the local servers IP address.

    To bind a port in such a fashion, this would require you to have a Dedicated
    Server. Currently you are signed up for one of our Shared hosting packages
    which do not allow port binding.

    The script that you are using is located at the path specified below:

    u35596838 has /kunden/usr/bin/perl listening on *:9098:

    The script was executed with the following command:

    Commandline: pure-ftpd (IDLE)

    There are steps that you can take to correct this in most cases. We recommend
    that you take a close look at your script to determine if you are trying to
    make an FTP connection. When attempting to make an Active (PORT) connection,
    this requires the local server to listen on a port. Changing the script to make
    a Passive (PASV) connection will cause the remote server to listen on a
    specified port, thus eliminating the scripts attempt to bind to a local port.

    Example of a short PHP script that uses passive ftp:

    <?php $file = ‘somefile.txt’;
    $remote_file = ‘readme.txt’;

    // set up basic connection
    $conn_id = ftp_connect($ftp_server);

    // login with username and password
    $login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);

    // turn passive mode on
    ftp_pasv($conn_id, true);

    // upload a file
    if (ftp_put($conn_id, $remote_file, $file, FTP_ASCII)) {
    echo “successfully uploaded $file\n”;
    } else {
    echo “There was a problem while uploading $file\n”;
    }

    // close the connection
    ftp_close($conn_id);
    ?>

    You can see in the script the connection type is specified with the line:

    ftp_pasv($conn_id, true);

    This is the most important line in the script which turns passive mode on which
    will prevent the script from binding a local port.

    If you did not write the script/application, we recommend that you contact the
    developer for further help in resolving this issue. Reminder, we do not provide
    any type of script debugging and will not analyze your script to determine what
    is causing the attempt to bind a port.

    ———————————-
    (The rest was just warnings to me to change it or have my webspace locked out.)

    I don’t want to take WordPress off as it has taken me this long to get it running.
    They are telling me to contact my developer (that would be WordPress) for help.
    So, help, please!

    Karen

Viewing 15 replies - 1 through 15 (of 21 total)
  • For starters, WordPress is written in PHP, not Perl. Secondly it does not run a FTP daemon for you. This is not a WordPress issue but something else you might have inadvertantly installed or enabled.

    Regards

    Thread Starter kwint

    (@kwint)

    OK, that’s good to know. Any idea how I can just remove whatever the offending thing is? I have not installed anything other than WordPress because, honestly, I don’t know enough to mess around with my site?

    I don’t know what that is either but you could probably ask your host to remove the script for you.

    You could probably ask themn to clear out your usr/bin/perl folder since that’s where the offending script is located.

    pure-ftpd is an FTP server, sounds like somehow it got loaded into your folder and is trying to run.

    -tg

    I always had problems with pure-ftpd showing up on my “old host” – which they denied being anything they had anything to do with.

    Since I wasn’t running an ftp server anywhere, and since WS_FTP Pro (my ftp client) hasn’t any info or inclusions re pure-ftpd (according to support at Ipswitch), one assumes the support folks at the host can’t find their butts with both hands and a flashlight….

    My “new host” doesn’t seem to have this problem at all. Since my “old host” also “was forced” to remove Fantastico, and no longer allows installs of anything like wp, phpbb, etc. because “they aren’t safe under ANY circumstances” (which to me indicates a total lack of knowledge as far as running a webhosting service), I’d suggest you look for a new host as soon you can afford to do so.

    Thread Starter kwint

    (@kwint)

    Since I’ve never installed anything but WordPress on this host, can I assume that the glitch came from their side rather than something I did? If I ask them to clean out the usr/bin/perl folder as TechGnome suggests, will there be any impact to my WordPress blog at all?

    Sorry for being dense, friends, but I’m not a programmer, just a user who thought that WordPress looked like a great solution for a customizable blog on my own site.

    It won’t affect WordPress at all. WordPress runs on PHP, not perl. perl has nothing to do with WordPress.

    /usr/bin/perl is just the perl interpreter. You need to clear out the script that invoked it. Maybe a very badly behaved plugin?

    Thread Starter kwint

    (@kwint)

    I have never installed anything but WordPress on my site, so I don’t know what it could be.

    However, I started using the ftp program Transmit 3.0 for the Mac from Panic.com about 10 days ago, and I noticed last night that it had a default setting of “use passive PASV mode” for uploads. I turned that off, then, thinking I’d be even safer, went back to the 2.6 version that doesn’t give a ‘use PASV mode’ option. I’m wondering if this was the problem since my ISP mentioned something about PASV and ‘port binding.’ I still haven’t heard back from them but I’m keeping my fingers crossed that the new Transmit version was the culprit. I hope so.

    Moderator James Huff

    (@macmanx)

    If you can, get your host to enable Shell (SSH) access and start using SFTP instead of FTP. SFTP works like FTP, but it also secures and encrypts the connection via SSH. For SFTP access on a Mac, you can use either Fugu or Cyberduck. Both are 100% free. I recommend Fugu, but I also use Cyberduck from time to time.

    If you did not install the perl script, you need to seriously consider whether your account has been compromised.

    Which version of WordPress are you using?

    Thread Starter kwint

    (@kwint)

    Skippy … it is version 1.5.1.3 which I downloaded here August 1.

    Macmanx, thanks for the tip on SFTP and Fugu/Cyberduck.

    Moderator James Huff

    (@macmanx)

    kwint, you should upgrade to v1.5.2 as soon as possible.

    Thread Starter kwint

    (@kwint)

    I will do the upgrade, thanks. Do you think that might solve the problem the ISP is complaining about – something about a script ‘port binding’ instead of using PASV mode.

    Does WordPress do *anything* related to this complaint? The only thing I do with my site is upload files using Adobe GoLive or Transmit … and post to my WordPress blog. That’s it. I am stumped.

    Moderator James Huff

    (@macmanx)

    I will do the upgrade, thanks. Do you think that might solve the problem the ISP is complaining about – something about a script ‘port binding’ instead of using PASV mode.

    Does WordPress do *anything* related to this complaint?

    No. WordPress v1.5.2 does fix a security hole, but it has nothing to do with “‘port binding’ instead of using PASV mode.”

    Oh, and don’t use GoLive to upload your files. It has been the cause of quite a few problems around here. Don’t believe me? Try this search ^_- . In fact, GoLive may be causing your “‘port binding’ instead of using PASV mode” problem.

Viewing 15 replies - 1 through 15 (of 21 total)
  • The topic ‘Angry ISP says I need to fix script. Help!’ is closed to new replies.