[ydl-gen] Attempted hack of FTP server

Eric Dunbar eric.dunbar at gmail.com
Tue Aug 29 07:07:54 MDT 2006


On 29/08/06, Christopher Murtagh wrote:
> On 8/28/06, Eric Dunbar wrote:
> > I recently activated vsftpd on my server and I'm noticing statistics
> > in the daily server report (automagically sent to root by all servers)
> > that suggest someone's trying a dictionary attack (presumably) on my
> > ftp server (10000+ login attempts ;-).
>
> > 3. How do I find out what username/passwords they're using in their
> > dictionary attack? (I'd like to know what is insecure)
>
>  I don't think this will benefit you much. You're better off making
> sure that you limit the access to the machine to the accounts that
> need it. Use /etc/vsftpd.user_list, which is a list of users that are
> allowed ftp, you'll need to activate it in the config (see below).

In vsftpd.user_list there's a reference to another solution for
blocking users. The file "/etc/vsftpd.ftpusers" contains a list of
users to deny, and (as far as I can tell) it does ask for a password
(unlike .user_list, which won't when it's DENYing users), so a potential
hacker won't even be able to discover user names on the system.

Now I'm down to one public user and that user has a secure password
anyway (unlike some of the others... I should really get around to
implementing/learning how to allow passwordless ssh and smb access
specified local machines ;-).

Plus, it doesn't really matter if that account is compromised since
nothing personal is available through that account (though, it could
be used to distribute files, I guess).

Thanks to Chris and Peter-Paul
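
Added example, not part of the original message: one way to see which usernames a dictionary attack is trying, by tallying `FAIL LOGIN` lines from the vsftpd log and checking the guessed names against the allow list in a user_list-style file. The log lines are constructed in vsftpd's native log style (an assumed format, not xferlog), and the account name `pubftp` and the addresses are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in vsftpd's native log style (assumed format; not from the post).
SAMPLE_LOG = '''\
Mon Aug 28 03:12:41 2006 [pid 4121] CONNECT: Client "192.0.2.10"
Mon Aug 28 03:12:43 2006 [pid 4120] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Aug 28 03:12:45 2006 [pid 4124] [root] FAIL LOGIN: Client "192.0.2.10"
Mon Aug 28 03:12:47 2006 [pid 4128] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Aug 28 03:12:49 2006 [pid 4132] [pubftp] FAIL LOGIN: Client "192.0.2.10"
Mon Aug 28 09:30:02 2006 [pid 4410] [pubftp] OK LOGIN: Client "198.51.100.7"
Mon Aug 28 09:31:15 2006 [pid 4412] [test] FAIL LOGIN: Client "203.0.113.5"
'''

# Captures the attempted username and the client address of a failed login.
FAIL_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] FAIL LOGIN: Client "(?P<client>[^"]+)"')


def parse_user_list(text):
    """Return the account names in a user_list-style file (one per line, # comments)."""
    names = set()
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if line:
            names.add(line)
    return names


def summarize_failures(log_text, allowed_users):
    """Tally failed logins by attempted username and by client address."""
    by_user, by_client = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            by_user[m.group('user')] += 1
            by_client[m.group('client')] += 1
    # Guessed names that are real, allowed accounts are the ones whose passwords matter.
    exposed = sorted(u for u in by_user if u in allowed_users)
    return by_user, by_client, exposed


if __name__ == '__main__':
    allowed = parse_user_list("# allowed ftp users (constructed)\npubftp\n")
    users, clients, exposed = summarize_failures(SAMPLE_LOG, allowed)
    for name, count in users.most_common():
        print(f"{count:5d}  {name}")
    print("clients:", dict(clients))
    print("attempted names that are allowed accounts:", exposed)
```

On a real server, pass the contents of the vsftpd log and of the user list file to `summarize_failures` and `parse_user_list` in place of the constructed strings.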

