Security Basics mailing list archives
Re: Massive failed FTP attempts.
From: Oumar Niane <jpon () jpon org>
Date: Tue, 11 Sep 2007 21:48:25 +0200
Hi Michael, On Fri, Aug 31, 2007 at 08:32:39PM -0700, Michael Nielson wrote :
first what are they trying to do? Crack my password?
Yes. It looks like a brute force attack.
Or exploit a bug with proftpd?
May be the next step ;-)
More important what can I do to limit the number of attempts on my server?
You can try these iptables rules ( man iptables for details ): iptables -A INPUT -p tcp --dport 21 -m recent --update --seconds 60 --hitcount 4 --name FTP -j DROP iptables -A INPUT -p tcp --dport 21 -m recent --set --name FTP iptables -A INPUT -p tcp --dport 21 -j ACCEPT Or if you don't write your own iptables rules, give a try to fail2ban http://fail2ban.sourceforge.net/ Besides, as others already suggest, you can use a random port instead of the default port 21. Most important, make sure your version of proftpd is up to date. Hope this helps, Oumar -- One OS to rule them all, One OS to find them. One OS to call them all, And in salvation bind them. In the bright land of Linux, Where the hackers play. (J. Scott Thayer, with apologies to J.R.R.T.)
Current thread:
- Massive failed FTP attempts. Michael Nielson (Sep 04)
- Re: Massive failed FTP attempts. l00t3r (Sep 04)
- RE: Massive failed FTP attempts. Paul Conaghan (Sep 04)
- RE: Massive failed FTP attempts. whip (Sep 11)
- RE: Massive failed FTP attempts. Dan Denton (Sep 12)
- RE: Massive failed FTP attempts. whip (Sep 11)
- RE: Massive failed FTP attempts. James Finnican (Sep 04)
- RE: Massive failed FTP attempts. Mark Sutton (Sep 05)
- Re: Massive failed FTP attempts. Robert Bauer (Sep 06)
- Re: Massive failed FTP attempts. Robert Bauer (Sep 07)
- Re: Massive failed FTP attempts. Oumar Niane (Sep 11)