LinuxQuestions.org - vsftpd - block ip after failed login

- Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)

- - vsftpd - block ip after failed login (https://www.linuxquestions.org/questions/linux-software-2/vsftpd-block-ip-after-failed-login-773283/)

toredo

12-03-2009 03:13 PM

vsftpd - block ip after failed login

hello,

i use vsftpd, i disabled anonymous users. sometimes i look at the log-files.

and there are much entries from bots. they try to connect to the ftp with users like apache or tomcat. they try it 10, 20, 30 or more times.

can i block them with vsftpd after 5 failed logins for 1 hour or something like this?

best regards
toredo

unSpawn

12-03-2009 04:14 PM

Check out a combination of 'iptables -m recent' and fail2ban or denyhosts?

toredo

12-04-2009 01:42 AM

i dont have installed iptables, because in the kernel, there is netfilter not included.

and i dont like to compile a new kernel. is there not a second way?

thx 4 answer

best regards
toredo

win32sux

12-04-2009 02:18 AM

Quote:

Originally Posted by toredo (Post 3779336)

i dont have installed iptables, because in the kernel, there is netfilter not included.

and i dont like to compile a new kernel. is there not a second way?

One possible alternative would be to have Fail2ban use TCP wrappers instead of iptables.

All times are GMT -5. The time now is 12:13 AM.