[ydl-gen] Attempted hack of FTP server

Christopher Murtagh christopher.murtagh at gmail.com
Mon Aug 28 22:13:23 MDT 2006


On 8/28/06, Eric Dunbar <eric.dunbar at gmail.com> wrote:
> I recently activated vsftpd on my server and I'm noticing statistics
> in the daily server report (automagically sent to root by all servers)
> that suggest someone's trying a dictionary attack (presumably) on my
> ftp server (10000+ login attempts ;-).

Welcome to the world of having a publicly facing machine. :-(
You'll probably get piles of ssh attempts too, and lots of other
things, many of which aren't even Linux related.

> 1. Will the firewall provide protection against these attempts with
> the defaults (I'm not 100% sure how to read the defaults yet)?

If you don't allow external ftp, your firewall will help, but nothing
is 100%. However, the firewall won't help if you need to keep port 21
open to the public.

> 2. How do I configure the firewall/vsftpd to block repeated
> unsuccessful attempts on the ftp server?

Repeated? The firewall isn't the best place to do that, either a
config in the ftp server or something else. I'm not sure if vsftpd has
this ability or not.

> 3. How do I find out what username/passwords they're using in their
> dictionary attack? (I'd like to know what is insecure)

I don't think this will benefit you much. You're better off making
sure that you limit the access to the machine to the accounts that
need it. Use /etc/vsftpd.user_list, which is a list of users that are
allowed ftp; you'll need to activate it in the config (see below).

> 4. Is there a GUI interface for the firewall that's intelligible
> (WebMin sort of allows access but you need to understand its syntax to
> do anything more than open up/closing ports and allowing access to
> certain machines).

I haven't seen a decent IPTables GUI yet. It's a bit of a pain, but
it's worth learning how to build your own firewall rules. There is a
ton of info on the net, some of it good, some of it bad.

> PS Is there a better ftp server to use than vsftpd? It's quick and
> dirty but it's not really that easily configured (I'd like to specify
> ftp access for only certain users, and even then only for certain
> directories).

vsftpd is actually pretty decent and has a decent security record
(which is probably why it is the default ftp server on RH machines).
It's a bit of a pain to configure, plus the default config script
doesn't have all the config options. Check the man pages, especially:

 man vsftpd.conf

It's fairly well documented.

Cheers,

Chris
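
The following is an added example, not part of the original message or of vsftpd itself. It checks whether a vsftpd.conf actually uses the user list as an allow list (the userlist_enable, userlist_deny and userlist_file options from man vsftpd.conf), then tallies failed logins per client and per username. The log line shape, the sample data and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample inputs (not taken from the original post).
SAMPLE_CONF = "userlist_enable=YES\nuserlist_deny=NO\nuserlist_file=/etc/vsftpd.user_list\n"
SAMPLE_USER_LIST = "# accounts allowed to use ftp\neric\n"
SAMPLE_LOG = """\
Mon Aug 28 03:10:03 2006 [pid 4100] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 28 03:10:05 2006 [pid 4102] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 28 03:10:07 2006 [pid 4104] [eric] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 28 09:30:11 2006 [pid 4200] [eric] OK LOGIN: Client "198.51.100.20"
Mon Aug 28 09:31:40 2006 [pid 4210] [eric] FAIL LOGIN: Client "198.51.100.20"
"""
# Assumed log line shape: <date> [pid N] [user] FAIL LOGIN: Client "addr"
FAIL_RE = re.compile(r'\[pid \d+\] \[([^\]]*)\] FAIL LOGIN: Client "([^"]+)"')

def parse_conf(text):
    """Parse vsftpd.conf text (key=value lines, '#' comments) into a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def allowlist_active(opts):
    """True only if the list is loaded (userlist_enable=YES) and used as an
    allow list (userlist_deny=NO); vsftpd defaults are NO and YES."""
    return (opts.get("userlist_enable", "NO").upper() == "YES"
            and opts.get("userlist_deny", "YES").upper() == "NO")

def parse_user_list(text):
    """One username per line; blank lines and '#' comments are skipped."""
    names = (line.strip() for line in text.splitlines())
    return {n for n in names if n and not n.startswith("#")}

def summarize_failures(log_text, allowed):
    """Tally failures per client and user; list guessed names that are allowed accounts."""
    by_client, by_user = Counter(), Counter()
    for user, client in FAIL_RE.findall(log_text):
        by_client[client] += 1
        by_user[user] += 1
    return by_client, by_user, sorted(u for u in by_user if u in allowed)

if __name__ == "__main__":
    allowed = parse_user_list(SAMPLE_USER_LIST)
    print(allowlist_active(parse_conf(SAMPLE_CONF)), summarize_failures(SAMPLE_LOG, allowed))
```

With only userlist_enable=YES set, the list is a deny list, so the check returns False until userlist_deny=NO is added.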

