[TriLUG] denying login attempts to a vsftp server

Jason Watts jsnonzzr at gmail.com
Tue Nov 27 11:17:49 EST 2007


Not knowing the availability you need to maintain, but why not block the
whole IP range if, for example, your IPs are coming from Asia?

On Nov 27, 2007 9:46 AM, bak <bak at picklefactory.org> wrote:

> If you are pointing vsftp through pam for authentication/authorization,
> I've found pam_abl (http://www.hexten.net/wiki/index.php/Pam_abl) to be
> a lightweight and effective way to do this.  You can also set it up for
> ssh etc. while you're at it.  I like to have a little cronjob that
> emails me an activity report a couple times a week.
>
> --bak
>
> Blackburn, Marvin wrote:
> > I have a vsftp server running on rhel 4.  On occasion, I get "swamped" with
> > connection attempts -- sometimes over 40,000.  Usually the culprits have one
> > or two ip addresses.
> > I had seen on either this list or the redhat lists, a discussion of a
> > package that would automatically bounce requests from a specific ip after
> > "x" number of failures.  I can't seem to find the
> > references.
> >
> > I really can use wrappers effectively as the culprit's ip addresses change a
> > lot.  Any help would be appreciated.
> >
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
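
The "bounce an IP after x failures" idea from the thread, as an added example that is not from any poster and is not pam_abl's code: it counts failed logins per client over a sliding window in vsftpd-style log lines. The log line shape, the threshold of 5, the 10-minute window and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed vsftpd.log line shape; adjust the pattern if your log differs.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] FAIL LOGIN: Client "(?P<ip>[^"]+)"'
)

def offenders(lines, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: time the limit was first hit} for clients with
    max_failures or more failed logins inside one sliding window."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                 # OK LOGIN, transfers, malformed lines
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        q = recent[m.group("ip")]
        q.append(ts)
        while ts - q[0] > window:    # drop failures that aged out
            q.popleft()
        if len(q) >= max_failures:
            flagged.setdefault(m.group("ip"), ts)
    return flagged

def sample_log():
    """Constructed sample lines (documentation-range addresses)."""
    fail = 'Tue Nov 27 %s 2007 [pid %d] [%s] FAIL LOGIN: Client "%s"'
    # Six failures within six seconds from one address.
    noisy = [fail % ("09:00:%02d" % s, 3100 + s, "admin", "203.0.113.7")
             for s in range(1, 7)]
    # Six failures spread one hour apart from another address.
    slow = [fail % ("%02d:15:00" % h, 4000 + h, "bob", "198.51.100.9")
            for h in range(9, 15)]
    ok = ['Tue Nov 27 09:01:00 2007 [pid 4100] [bob] OK LOGIN: '
          'Client "198.51.100.9"']
    return noisy + ok + slow

if __name__ == "__main__":
    for ip, when in offenders(sample_log()).items():
        print(ip, "reached the failure limit at", when)
```

Only the address with the burst is reported; the one failing once an hour never has five failures inside a single window.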


