Security Basics mailing list archives

Re: Massive failed FTP attempts.


From: l00t3r <l00t3r () gmail com>
Date: Tue, 4 Sep 2007 13:37:58 -0400

We have lots (80,000+) of brute force attacks on users such as root,
administrator, ftp (basically anything default).  Make sure your
proftpd is up to date (you may also want to look into something
more secure such as sftp) and disable any default accounts from
logging in; also enforce a strict password policy for users that can
use ftp.

Good luck!

On 8/31/07, Michael Nielson <safetytrick () gmail com> wrote:
I run several small LAMP virtual servers, and I've noticed a large number
of failed FTP login attempts. These all attempt to log in with common FTP
usernames like Administrator or webmaster (the FTP server is proFTPd
version 1.2.10).  The attacker will try from one IP address maybe 30 or
40 times and then move to a new IP address.  I have several questions:
first, what are they trying to do? Crack my password? Or exploit a bug
with proftpd?  I've been more diligent about choosing a difficult-to-break
password.  More important, what can I do to limit the number of
attempts on my server?
Thanks tons!
Michael
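
A log check for the pattern described in this thread, as an added example that is not part of either message: it counts failed FTP logins per source IP and, because the sources rotate after 30 or 40 tries, per username across all IPs. The log line shape is an assumption modelled on ProFTPD's syslog messages, and the sample lines, addresses and the user "alice" are constructed.

```python
import re
from collections import Counter, defaultdict

# Usernames named in the thread as brute-force targets.
DEFAULT_USERS = {"root", "administrator", "ftp", "webmaster"}

# Assumed line shape, modelled on ProFTPD's syslog messages; adjust to your logs.
FAIL_RE = re.compile(
    r"\([^\[\]]*\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+-\s+USER (?P<user>\S+?)"
    r"(?:: no such user found| \(Login failed\))"
)

def failures(lines):
    """Yield (ip, lowercased username) for every failed-login line."""
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            yield m["ip"], m["user"].lower()

def noisy_sources(lines, threshold=30):
    """Per-IP view: sources at or above `threshold` failures."""
    per_ip = defaultdict(Counter)
    for ip, user in failures(lines):
        per_ip[ip][user] += 1
    return {
        ip: {"failures": sum(users.values()),
             "default_only": set(users) <= DEFAULT_USERS}
        for ip, users in per_ip.items()
        if sum(users.values()) >= threshold
    }

def targeted_users(lines):
    """Cross-IP view: failures per username, which survives source rotation."""
    return Counter(user for _, user in failures(lines))

def _line(ip, user, msg):
    # Builds one constructed log line for the sample below.
    return f"Sep  4 13:01:02 web1 proftpd[2101]: web1 ({ip}[{ip}]) - USER {user}{msg}"

NO_USER, BAD_PW = ": no such user found", " (Login failed): Incorrect password."
SAMPLE = (  # constructed data, documentation-range addresses
    [_line("203.0.113.7", u, NO_USER) for u in ["Administrator", "webmaster", "ftp"] * 11]
    + [_line("203.0.113.7", "root", BAD_PW)] * 2
    + [_line("198.51.100.99", "root", BAD_PW)] * 30
    + [_line("198.51.100.23", "alice", BAD_PW),
       _line("198.51.100.23", "alice", ": Login successful.")]
)

if __name__ == "__main__":
    for ip, info in noisy_sources(SAMPLE).items():
        print(ip, info)
    print(targeted_users(SAMPLE).most_common(3))
```

Sources flagged with `default_only` set never tried a real account name, so blocking them carries little risk of locking out a legitimate user who mistyped a password.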


