[ydl-gen] Attempted hack of FTP server

Derick Centeno aguilarojo at verizon.net
Sat Oct 21 06:31:28 MDT 2006


Hi Eric:

Why don't you try Open Source Tripwire (OST)?

You can read more about it here: 
http://www.tripwire.com/products/enterprise/ost/

You can download it from here:

http://sourceforge.net/projects/tripwire

Once OST is operational it observes your system and provides reports 
should any attempt be made to enter the system.  The reports include 
details such as time of the incident, ports accessed and other events.  
This allows you, after you've digested the reports, to close those ports 
or take other preventive measures.  There are other security systems 
that are open source as well.  There is an article which may help you 
consider other options besides OST.  Here is that article:

http://searchopensource.techtarget.com/tip/1,289483,sid39_gci1166741,00.html

Caveat:  Keep in mind that the author is discussing Linux running on 
Intel and compatible boxes.  I can state that I've run OST within YDL 
and it worked fine.  I don't run it now as I'm the only person who 
accesses my YDL installation; also I have a hardware firewall which flat 
out beats anything anyway.  It is situated between my incoming 
high-speed broadband and my router.  You pay for it once and that's it.  
It's not open source, but for the home or non-commercial user - it's 
really a nice plus.  Here's the link to that technology if that 
interests you:

http://www.thinkgeek.com/computing/accessories/75f3/

Best wishes....
------------------------------------------------------------------------


Eric Dunbar wrote:
> Two months ago I asked a question regarding my ftp server and
> attempted hack attempts.
>
> Now I have two follow-up questions (well, actually they're
> more-or-less the same questions):
>
> Peter-Paul wrote in August that he was planning to create a perl
> script to monitor log files and dynamically adjust the
> /etc/hosts.deny/allow files to secure his system.
>
> QUESTION #1 for Peter-Paul: Have you created a perl script to monitor
> your vsftpd log files and block failed login attempts to vsftpd?
>
> QUESTION #2 for everyone who knows vsftpd:
>
> How do you activate the logging function? I've been scouring the help
> documents and tried various settings to see if I could get vsftpd to
> log failed logins (I managed to get file transfers working) and have
> come up empty handed.
>
> Background for both questions:
>
> Attempted logins are continuing and I'd like to be able to stop them
> to cut down on the (presumed) load they place on the computer (it's a
> G3/266 ;-)... yesterday there were 23000 attempts from 64.251.10.105.
>
> I've got the user accounts secured -- only one account is active and
> both the user name and password are unique and unguessable, to say the
> least (and, not displayed or used publicly anywhere AFAIK).
>
> Eric
>
> On 29/08/06, Peter-Paul wrote:
>   
>> Christopher Murtagh wrote:
>>
>>     
>>> On 8/28/06, Eric Dunbar wrote:
>>>
>>>       
>>>> I recently activated vsftpd on my server and I'm noticing statistics
>>>> in the daily server report (automagically sent to root by all servers)
>>>> that suggest someone's trying a dictionary attack (presumably) on my
>>>> ftp server (10000+ login attempts ;-).
>>>>         
>>> Welcome to the world of having a publicly facing machine. :-(
>>> You'll probably get piles of ssh attempts too, and lots of other
>>> things, many of which aren't even Linux related.
>>>       
>
>   
>> I'm planning to create a Perl script that actively monitors my logs and
>> dynamically adjusts the /etc/hosts.deny/allow files to automatically secure
>> my system.
>> If you're interested, you're invited/welcome to use it! :)
>>
>>
>>     
>>>> 2. How do I configure the firewall/vsftpd to block repeated
>>>> unsuccessful attempts on the ftp server?
>>>>         
>>> Repeated? The firewall isn't the best place to do that, either a
>>> config in the ftp server or something else. I'm not sure if vsftpd has
>>> this ability or not.
>>>
>>>       
>   
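
The log-watching idea raised in the quoted thread (count failed vsftpd logins per address, then produce /etc/hosts.deny rules), as an added Python example that is not Peter-Paul's Perl script or any poster's code. It assumes vsftpd's native log format (xferlog_std_format=NO) and a vsftpd that honours tcp_wrappers (tcp_wrappers=YES); the function names, threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed input: vsftpd's native log format (xferlog_std_format=NO), e.g.
#   Sat Oct 21 06:31:28 2006 [pid 4711] [admin] FAIL LOGIN: Client "203.0.113.7"
# The username field is chosen by the remote client, so the pattern is anchored
# at both ends and takes the address only from the end of the line.
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[.*\] FAIL LOGIN: Client "(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"$'
)

def offenders(lines, threshold=5, window=timedelta(minutes=10), allow=()):
    """Return sorted IPv4 addresses with >= threshold failures inside one window.

    Lines are expected in chronological order, as vsftpd writes them.
    """
    recent = defaultdict(list)  # ip -> failure times still inside the window
    flagged = set()
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m or m["ip"] in allow:  # allow-list: never lock out known hosts
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # forget failures older than the window
            hits.pop(0)
        if len(hits) >= threshold:
            flagged.add(m["ip"])
    return sorted(flagged)

def hosts_deny_lines(ips, daemon="vsftpd"):
    """Format tcp_wrappers rules; they only apply if vsftpd honours hosts.deny."""
    return [f"{daemon}: {ip}" for ip in ips]

# Constructed sample data (documentation address ranges), not real log output.
SAMPLE = [
    *(f'Sat Oct 21 06:31:{s:02d} 2006 [pid 4711] [admin] FAIL LOGIN: Client "203.0.113.7"'
      for s in range(0, 30, 5)),
    'Sat Oct 21 07:00:00 2006 [pid 4713] [eric] FAIL LOGIN: Client "198.51.100.20"',
    # Username containing log-like text; only the trailing address may count.
    'Sat Oct 21 07:01:00 2006 [pid 4714] [a] FAIL LOGIN: Client "192.0.2.1"]'
    ' FAIL LOGIN: Client "203.0.113.9"',
]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE, allow={"198.51.100.20"}))))
```

Review the generated lines before appending them to /etc/hosts.deny, and keep your own addresses in the allow set so a mistyped password cannot block you.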

