[ydl-gen] Attempted hack of FTP server
Eric Dunbar
eric.dunbar at gmail.com
Sat Oct 21 05:22:05 MDT 2006
Two months ago I asked a question regarding my ftp server and
attempted hack attempts.
Now I have two follow-up questions (well, actually they're
more-or-less the same questions):
Peter-Paul wrote in August that he was planning to create a perl
script to monitor log files and dynamically adjust the
/etc/host.deny/allow files to secure his system.
QUESTION #1 for Peter-Paul: Have you created a perl script to monitor
your vsftpd log files and block failed login attempts to vsftpd?
QUESTION #2 for everyone who knows vsftpd:
How do you activate the logging function? I've been scouring the help
documents and tried various settings to see if I could get vsftpd to
log failed logins (I managed to get file transfers working) and have
come up empty handed.
Background for both questions:
Attempted logins are continuing and I'd like to be able to stop them
to cut down on the (presumed) load they place on the computer (it's a
G3/266 ;-)... yesterday there were 23000 attempts from 64.251.10.105.
I've got the user accounts secured -- only one account is active and
both the user name and password are unique and unguessable, to say the
least (and, not displayed or used publicly anywhere AFAIK).
Eric
On 29/08/06, Peter-Paul wrote:
> Christopher Murtagh wrote:
>
> >On 8/28/06, Eric Dunbar wrote:
> >
> >>I recently activated vsftpd on my server and I'm noticing statistics
> >>in the daily server report (automagically sent to root by all servers)
> >>that suggest someone's trying a dictionary attack (presumably) on my
> >>ftp server (10000+ login attempts ;-).
> >
> >Welcome to the world of having a publicly facing machine. :-(
> >You'll probably get piles of ssh attempts too, and lots of other
> >things, many of which aren't even Linux related.
> I'm planning to create a perlscript that actively monitors my logs and
> dynamicly adjusts the /etc/hosts.deny/allow files to automaticly secure
> my system.
> If you're interested, you're invited/welcome to use it! :)
>
>
> >>2. How do I configure the firewall/vsftpd to block repeated
> >>unsuccessful attempts on the ftp server?
> >
> >Repeated? The firewall isn't the best place to do that, either a
> >config in the ftp server or something else. I'm not sure if vsftpd has
> >this ability or not.
> >
More information about the yellowdog-general
mailing list