[ydl-gen] Attempted hack of FTP server

Eric Dunbar eric.dunbar at gmail.com
Mon Aug 28 21:59:29 MDT 2006


Hi all,

I recently activated vsftpd on my server and I'm noticing statistics
in the daily server report (automagically sent to root by all servers)
that suggest someone's trying a dictionary attack (presumably) on my
ftp server (10000+ login attempts ;-).

I just activated the 'Linux firewall' (iptables?) and used the
defaults to grant a few local machines unlimited access (so I could
use Samba, AppleShare and X without having to figure out which ports
do what).

My questions are...

1. Will the firewall provide protection against these attempts with
the defaults (I'm not 100% sure how to read the defaults yet)?

2. How do I configure the firewall/vsftpd to block repeated
unsuccessful attempts on the ftp server?

3. How do I find out what username/passwords they're using in their
dictionary attack? (I'd like to know what is insecure)

4. Is there a GUI interface for the firewall that's intelligible
(WebMin sort of allows access but you need to understand its syntax to
do anything more than opening up/closing ports and allowing access to
certain machines).

PS Is there a better ftp server to use than vsftpd? It's quick and
dirty but it's not really that easily configured (I'd like to specify
ftp access for only certain users, and even then only for certain
directories).

Thanks, Eric.
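
As an added example (not part of the original post), this is one way to approach questions 2 and 3 from the log side: count failed FTP logins per client address, list the usernames each address tried, and flag any account that logged in successfully from an address that also exceeded a failure threshold. It assumes vsftpd's native log line layout as shown in the sample; the sample lines, addresses, the threshold and the function name `summarize` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed vsftpd log layout: <date> [pid N] [user] FAIL LOGIN: Client "ip"
LINE_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

# Constructed sample lines; addresses come from documentation/private ranges.
SAMPLE_LOG = """\
Mon Aug 28 21:10:01 2006 [pid 4020] CONNECT: Client "203.0.113.7"
Mon Aug 28 21:10:03 2006 [pid 4021] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 28 21:10:05 2006 [pid 4023] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 28 21:10:07 2006 [pid 4025] [test] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 28 21:10:09 2006 [pid 4027] [test] OK LOGIN: Client "203.0.113.7"
Mon Aug 28 21:30:12 2006 [pid 4101] [eric] FAIL LOGIN: Client "192.168.1.5"
Mon Aug 28 21:30:20 2006 [pid 4103] [eric] OK LOGIN: Client "192.168.1.5"
"""

def summarize(log_text, threshold=3):
    """Return (failures per IP, usernames tried per IP, suspect IPs, guessed logins)."""
    fails = Counter()
    users = defaultdict(Counter)
    ok = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # CONNECT, transfer and other non-login lines
        ip, user = m["ip"], m["user"]
        if m["result"] == "FAIL":
            fails[ip] += 1
            users[ip][user] += 1
        else:
            ok[ip].add(user)
    # Addresses at or above the failure threshold are candidates for a firewall block.
    suspects = sorted(ip for ip, n in fails.items() if n >= threshold)
    # A successful login from a suspect address means that account needs a new password.
    guessed = sorted((ip, u) for ip in suspects for u in ok[ip])
    return fails, users, suspects, guessed

if __name__ == "__main__":
    fails, users, suspects, guessed = summarize(SAMPLE_LOG)
    for ip in suspects:
        print(ip, fails[ip], "failures; usernames tried:", dict(users[ip]))
    for ip, user in guessed:
        print("successful login from flagged address:", user, "from", ip)
```

The single mistyped password from the local machine stays below the threshold, so only the address cycling through usernames is flagged.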

