Hi,
There are hundreds and thousands of login attempts per day to our FTP server (pure-ftpd, Ubuntu 7.04). Because of them, other, legal, users are getting timeouts.
This is in /var/log/messages:
Code:
May 27 09:38:38 websrv-lindner pure-ftpd: (?@60-249-208-52.HINET-IP.hinet.net) [INFO] New connection from 60-249-208-52.HINET-IP.hinet.net
May 27 09:38:38 websrv-lindner pure-ftpd: (?@60-249-208-52.HINET-IP.hinet.net) [INFO] PAM_RHOST enabled. Getting the peer address
May 27 09:38:40 websrv-lindner pure-ftpd: (?@60-249-208-52.HINET-IP.hinet.net) [WARNING] Authentication failed for user [Administrator]
May 27 09:38:44 websrv-lindner pure-ftpd: (?@60-249-208-52.HINET-IP.hinet.net) [INFO] PAM_RHOST enabled. Getting the peer address
May 27 09:38:46 websrv-lindner pure-ftpd: (?@60-249-208-52.HINET-IP.hinet.net) [WARNING] Authentication failed for user [Administrator]
How to get rid of them?
(BTW, I've been already able to greatly reduce the number of SSH login attempts by applying advanced techniques with iptables suggested
here. Unfortunately, that's a bit high to me, so I'm asking.^^)
Any ideas?
Thanks & cheers
Robert