LinuxQuestions.org
Old 01-16-2008, 01:00 PM   #1
pricejm
LQ Newbie
 
Registered: Aug 2005
Location: Charleston, SC.
Posts: 17

Rep: Reputation: 0
VSFTP and USER commands


Getting massive hits on this command:

Mon Jan 14 04:53:36 2008 [pid 22609] FTP command: Client "201.48.158.12", "USER Administrator"
Mon Jan 14 04:53:36 2008 [pid 22609] [Administrator] FTP response: Client "201.48.158.12", "530 Non-anonymous sessions must use encryption."

Recently moved to the stand alone and a random port. Should prevent a few...

Anything to prevent these brute force attacks?

I throttle the port connection but it does nothing once someone is connected.

Doubt these hurt me, just annoying, large log files, 15MB once. Definitely a good reason to have a separate file system for /var or email and truncate the log files like I do

Thanks.
 
Old 01-16-2008, 01:41 PM   #2
Carpo
Member
 
Registered: Aug 2003
Location: Somewhere
Distribution: Gentoo (for now)
Posts: 364

Rep: Reputation: 30
set iptables to block the ips
 
Old 01-16-2008, 01:51 PM   #3
pricejm
LQ Newbie
 
Registered: Aug 2005
Location: Charleston, SC.
Posts: 17

Original Poster
Rep: Reputation: 0
Yeah started that too, most are from other countries...

Just blocking the whole range...211.*.*.*, etc.
 
Old 01-18-2008, 04:47 AM   #4
evilDagmar
Member
 
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480

Rep: Reputation: 31
Quote:
Originally Posted by pricejm View Post
Getting massive hits on this command:

Mon Jan 14 04:53:36 2008 [pid 22609] FTP command: Client "201.48.158.12", "USER Administrator"
Mon Jan 14 04:53:36 2008 [pid 22609] [Administrator] FTP response: Client "201.48.158.12", "530 Non-anonymous sessions must use encryption."

Recently moved to the stand alone and a random port. Should prevent a few...

Anything to prevent these brute force attacks?

I throttle the port connection but it does nothing once someone is connected.

Doubt these hurt me, just annoying, large log files, 15MB once. Definitely a good reason to have a separate file system for /var or email and truncate the log files like I do

Thanks.
1. Disallow FTP access to all administrator accounts entirely, as they are role accounts, and therefore do not properly tie logged events to a single, actual person.
2. Don't leave freakin' FTP open to the entire planet unless you want the entire planet accessing it. `man 5 hosts_access` because everything that doesn't suck will at least include tcp_wrappers support.
 
Old 01-18-2008, 08:18 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,822
Blog Entries: 54

Rep: Reputation: 2991
...
3. If you have users that only need FTP access try using virtual users.
4. Review your vsftp.conf because you can set up restrictions there.
5. Implement something like Fail2ban next to tcp_wrappers.
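
An added example, not part of any post in this thread: a minimal version of the counting that a Fail2ban-style tool performs on the vsftpd log format quoted in post #1, flagging clients that collect repeated 530 replies inside a time window. The function name, the thresholds, and the sample log lines (documentation-range IPs) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "FTP response" lines vsftpd writes with log_ftp_protocol=YES,
# in the format quoted in the thread; only 530 (not logged in) replies count.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'(?:\[(?P<user>[^\]]*)\] )?FTP response: Client "(?P<ip>[^"]+)", "530 '
)

def find_offenders(lines, max_failures=3, window=timedelta(minutes=10)):
    """Return {ip: sorted usernames tried} for clients with at least
    max_failures 530 replies inside a sliding window of the given length."""
    recent = defaultdict(deque)    # ip -> timestamps of recent failures
    users = defaultdict(set)       # ip -> usernames seen in failed attempts
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue               # commands, non-530 replies, other lines
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip = m["ip"]
        users[ip].add(m["user"] or "-")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders[ip] = users[ip]
    return {ip: sorted(names) for ip, names in offenders.items()}

# Constructed sample input: one client hammering role accounts, one user
# who mistypes a password twice, hours apart, and then logs in.
SAMPLE_LOG = '''\
Mon Jan 14 04:53:36 2008 [pid 22609] FTP command: Client "203.0.113.7", "USER Administrator"
Mon Jan 14 04:53:36 2008 [pid 22609] [Administrator] FTP response: Client "203.0.113.7", "530 Non-anonymous sessions must use encryption."
Mon Jan 14 04:53:38 2008 [pid 22611] [admin] FTP response: Client "203.0.113.7", "530 Non-anonymous sessions must use encryption."
Mon Jan 14 04:53:41 2008 [pid 22613] [root] FTP response: Client "203.0.113.7", "530 Non-anonymous sessions must use encryption."
Mon Jan 14 05:10:02 2008 [pid 22700] [alice] FTP response: Client "198.51.100.20", "530 Login incorrect."
Mon Jan 14 09:30:15 2008 [pid 23011] [alice] FTP response: Client "198.51.100.20", "530 Login incorrect."
Mon Jan 14 09:30:20 2008 [pid 23011] [alice] FTP response: Client "198.51.100.20", "230 Login successful."
'''.splitlines()

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

The returned addresses are what would be fed to an iptables drop rule or a hosts.deny entry, as suggested in posts #2 and #4; keeping the window short avoids banning a legitimate user for occasional typos.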
 
Old 01-18-2008, 09:04 AM   #6
pricejm
LQ Newbie
 
Registered: Aug 2005
Location: Charleston, SC.
Posts: 17

Original Poster
Rep: Reputation: 0
Thanks for the replies.

I ended up scratching the ftp for sftp, since I have ssh already tightly secure.

If I end up needing ftp over sftp I'll be sure to use your suggestions.

Thanks again.
 
Old 01-19-2008, 02:29 AM   #7
evilDagmar
Member
 
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480

Rep: Reputation: 31
Screw that. Find a way to never have to use ftp again. HTTP made it obsolete, and scp is more secure.
 
Old 01-19-2008, 05:15 AM   #8
Alien_Hominid
Senior Member
 
Registered: Oct 2005
Location: Lithuania
Distribution: Hybrid
Posts: 2,247

Rep: Reputation: 53
HTTP doesn't let you always resume, FTP - does (at least what I know). Try sftp instead of scp (it's more convenient).
 
  


All times are GMT -5.