[TriLUG] denying login attempts to a vsftp server

Blackburn, Marvin mblackburn at glenraven.com
Tue Nov 27 11:36:42 EST 2007


There is no way to really predict this as "script kiddies" know no bounds. 

-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On Behalf
Of Jason Watts
Sent: Tuesday, November 27, 2007 11:18 AM
To: Triangle Linux Users Group General Discussion
Subject: Re: [TriLUG] denying login attempts to a vsftp server

Not knowing the availability you need to maintain, but why not block the
whole IP range if for example your IP's are comming from aisa?

On Nov 27, 2007 9:46 AM, bak <bak at picklefactory.org> wrote:

> If you are pointing vsftp through pam for authentication/authorization,
> I've found pam_abl (http://www.hexten.net/wiki/index.php/Pam_abl) to be
> a lightweight and effective way to do this.  You can also set it up for
> ssh etc. while you're at it.  I like to have a little cronjob that
> emails me an activity report a couple times a week.
>
> --bak
>
> Blackburn, Marvin wrote:
> > I have a vsftp server running on rhel 4.  On occasion, I get "swamped"
> with
> > connection attempts -- sometimes over 40,000.  Usually the culprits have
> one
> > or two ip addresses.
> > I had seen on either this list or the redhat lists, a discussion of a
> > package that would automatically bounce requests from a specific ip
> after
> > "x" number of failures.  I cant seem to find the
> > references.
> >
> > I really can use wrappers effectively as the culprit's ip addresses
> change a
> > lot.  Any help would be appreciated.
> >
> --
>  TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
-- 
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3921 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20071127/683293ea/attachment.bin>


More information about the TriLUG mailing list