How to ban IP addresses SUSE/VSFTPD
We are running a SUSE 9.1 box with the current version of VSFTPD. The box only runs FTP services, and acts as a "swap space" between our customers and employees (requires authentication).

On occasion, rogue hosts on the Internet will attempt to log in to the FTP service using dozens of typical account names (admin, root, backup, oracle, etc.) and (what I'm assuming is) dictionary passwords (automatic hacking program). The attacker's IP address gets logged in the vsftpd.log file. I would like to implement IP bans on these hosts as they seem to come back and attempt port scans and other exploits after they realize we are running FTP services. What is the best way to go about this? Any information would be greatly appreciated!

Tom
Use iptables and drop the IPs.
-twantrd
The server is already behind a firewall... would it make more sense to just issue the bans on the gnatbox/firewall?
Yes, if you have a firewall outside of your ftp box, that would be the place to block the bad IP.
Peace, JimBass
I thought there was a file called "ftpaccess" where you could specify trusted/nontrusted IPs.
My 2 cents.
Thanks for the help guys!
What about /etc/hosts.allow and /etc/hosts.deny?
Cheers, Tink
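
An added example, not part of any post above: a shell sketch that pulls repeat offenders out of vsftpd.log and prints block entries in the two forms suggested in the thread (iptables and /etc/hosts.deny). The log line format, the threshold, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed vsftpd log line format:
#   Mon Jan  3 04:12:09 2005 [pid 4021] [admin] FAIL LOGIN: Client "203.0.113.7"

# failed_login_ips MIN: read a vsftpd log on stdin, print each IPv4 client
# with at least MIN failed logins, one per line, sorted.
failed_login_ips() {
    awk -v min="$1" '
        # Anchor at end of line: the [user] field earlier in the line is
        # chosen by the client, so only trust the final Client "..." token.
        match($0, /FAIL LOGIN: Client "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"$/) {
            ip = substr($0, RSTART + 20, RLENGTH - 21)
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# iptables_rules MIN: print (do not run) one DROP rule per offending IP,
# limited to the FTP control port.
iptables_rules() {
    failed_login_ips "$1" | while read -r ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport 21 -j DROP"
    done
}

# hosts_deny_lines MIN: the same IPs as /etc/hosts.deny entries. These only
# take effect if vsftpd has TCP wrappers support and tcp_wrappers=YES is set.
hosts_deny_lines() {
    failed_login_ips "$1" | sed 's/^/vsftpd: /'
}

# Constructed sample log; addresses come from documentation ranges.
sample_log() {
    cat <<'EOF'
Mon Jan  3 04:12:09 2005 [pid 4021] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Jan  3 04:12:11 2005 [pid 4023] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Jan  3 04:12:14 2005 [pid 4025] [oracle] FAIL LOGIN: Client "203.0.113.7"
Mon Jan  3 09:30:02 2005 [pid 4100] [tom] FAIL LOGIN: Client "198.51.100.20"
Mon Jan  3 09:30:10 2005 [pid 4100] [tom] OK LOGIN: Client "198.51.100.20"
EOF
}

sample_log | iptables_rules 3
sample_log | hosts_deny_lines 3
```

On a real box, feed the functions from the actual log (for example `failed_login_ips 3 < /var/log/vsftpd.log`, path assumed) and check the list against known customer and office addresses before applying anything, since one mistyped password also counts as a failed login.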