Subscribe to our blog
  Print

FTP Doesn't Work or Stops Working

961 Hits

Symptom

After a clean reboot, FTP over TLS connected to port 21, showed the 331 prompt, then returned 530 Login incorrect. WHM/cPanel login still worked with the same password, which made the issue confusing.

What Worked Temporarily

Opening the passive port range to 49152 through 65534 (in your firewall rules) immediately restored transfers once. After the next reboot the 530 error returned, which ruled out a pure networking problem because TLS negotiation and the server banner were already succeeding.

Root Cause

Password desynchronization between the cPanel account and the ProFTPD/Pure-FTPd virtual user database. cPanel authentication succeeded, but ProFTPD/Pure-FTPd was still using an older hash. Note: This issuse can happen with boht FTP Server types. When the server restarted, ProFTPD/Pure-FTPd read the stale credentials and began rejecting the FTP login.

Quick Fix

Reset the cPanel account password and select the option to synchronize the FTP password. This forces a rebuild of the ProFTPD/Pure-FTPd user data. After doing this, FTP over TLS authenticated normally.

How To Prevent A Repeat

  • Keep the passive port range aligned in both locations: your hosting provider’s platform (such as AWS, Lightsail, EC2, or another third party) and the server’s firewall software. In our case, the setup is AWS EC2 combined with Imunify360.
    • (optional) Configure PassivePorts 49152 65534 in an include file for ProFTPD/Pure-FTPd so it persists across reboots.
  • If you change an account password, do it from WHM or cPanel to trigger an FTP resync. You can also run /scripts/ftpupdate and /scripts/ftpusers to rebuild the database.
  • Check blockers first if you see 530 again: cPHulk history, Imunify360 IP lists, and server logs such as /var/log/ProFTPD/Pure-FTPd/auth.log and /var/log/secure.
  • Consider SFTP on port 22 for routine file management. It uses the system password directly and avoids passive port ranges and ProFTPD/Pure-FTPd syncing.

Takeaway

Hours were lost chasing ports and TLS even though the handshake was fine. The real fix was a simple password reset that resynced ProFTPD/Pure-FTPd with the cPanel account. If you see TLS established followed by 331 and then 530 after a reboot, verify credentials synchronization before diving deep into networking.

1
How do you feel about this post?
Happy (0)
Love (0)
Surprised (0)
Sad (0)
Angry (0)
Will AI Hurt My Online Business and Stop Me From G...
WHMCS allow_url_fopen Off Blocking Automatic Updat...

About the author

The Turn Group

The Turn Group

The Turn Group is a premier CMS Platform "Web Design and Development specialist", renowned for delivering exceptional online digital marketing and branding services. With a focus on quality and innovation, The Turn Group develops high-performing, highly-tailored website solutions to meet the diverse needs of their clients. As a trusted leader in the digital marketing community, The Turn Group is dedicated to helping businesses achieve their online goals.
Author's recent posts
More posts from author
 

Comments

No comments made yet. Be the first to submit a comment
Sunday, 05 October 2025

Creating Online Web Presences Since 2000

With our Nationwide Services – We Build With and Care

We develop in ALL cities and states and are in 62 different countries. Let us know what you need!

Website Design and Development Company The Turn Group

Located in:
We are a U.S. Based and Nationwide Headquarters in Kansas City, MO
By Appointment Only!

OUR SERVICES

OUR SERVICES

ACCOUNT ACCESS

Subscribe to our blog
General Inquiry   |  Sitemap   |  Legal Policies   |  Get a Quote