LinuxQuestions.org
Old 06-01-2007, 04:58 PM   #1
BillyGalbreath
Member
 
Registered: Nov 2005
Location: Houston Texas
Distribution: Debian Sid
Posts: 379

Rep: Reputation: 31
Proftp + Brute Force = Me Angry


I am hoping someone knows how I can configure the proftpd server so that it ONLY responds to certain IPs that I grant access to (only about 5 IPs).

Over the past two months I have been running nearly 100 torrents (10 at a time) and my RAM usage maxed out every 2 days, which required a reboot. I figured it was because of the torrents and didn't think twice. That's what I get for downloading so much crap.

Anyways, it's been a week now and I only have 1 torrent left, which is super duper slow (0.3kb/s), but yet my RAM is still maxing out every 2 days. Obviously, I was wrong about it being the torrents...

So, I started looking through top, and ps ax to see if anything weird was running... And that's when I saw it. An ftp connection from the user "cycus", which DOES NOT EXIST ON MY BOX. Baffled, I checked the registered users, and the groups and nope, cycus does not exist anywhere. So, I decided to check the proftpd log file to see just how many times this cycus has connected and what (if anything) he has placed onto my computer...

My heart nearly dropped...

55MB log file of brute force attacks from MANY places. Here is a SMALL clip from the log file below. These attempts are a CONSTANT. Every minute of every hour of every day. Towards the end of my log file it was every second of every minute, then MULTIPLE times every second... It got bad!

Can someone point me in the right direction so these attacks won't affect my computer? I just want proftpd to ignore everything except a few certain IPs I grant access. As for now, proftpd has been purged and removed from the system.

If it matters, I'm running Debian Lenny/Sid (mixed).

Code:
May 06 07:45:11 debdesk proftpd[11536]: IPv6 getaddrinfo 'debdesk' error: No address associated with hostname
May 06 07:45:21 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session opened.
May 06 07:45:21 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 1 usecs
May 06 07:45:21 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:21 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:21 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 34 usecs
May 06 07:45:22 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:22 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:22 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 56 usecs
May 06 07:45:22 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 75 usecs
May 06 07:45:22 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:22 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:22 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): Maximum login attempts (3) exceeded
May 06 07:45:22 debdesk proftpd[11536] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session closed.
May 06 07:45:23 debdesk proftpd[12057]: IPv6 getaddrinfo 'debdesk' error: No address associated with hostname
May 06 07:45:33 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session opened.
May 06 07:45:33 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:33 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:33 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 9 usecs
May 06 07:45:33 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 75 usecs
May 06 07:45:34 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:34 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:34 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 20 usecs
May 06 07:45:34 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 116 usecs
May 06 07:45:34 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:34 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:34 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): Maximum login attempts (3) exceeded
May 06 07:45:34 debdesk proftpd[12057] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session closed.
May 06 07:45:35 debdesk proftpd[12551]: IPv6 getaddrinfo 'debdesk' error: No address associated with hostname
May 06 07:45:45 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session opened.
May 06 07:45:45 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:45 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:45 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 27 usecs
May 06 07:45:46 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:46 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:46 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 36 usecs
May 06 07:45:46 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 60 usecs
May 06 07:45:46 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:46 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:46 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): Maximum login attempts (3) exceeded
May 06 07:45:46 debdesk proftpd[12551] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session closed.
May 06 07:45:47 debdesk proftpd[12804]: IPv6 getaddrinfo 'debdesk' error: No address associated with hostname
May 06 07:45:57 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session opened.
May 06 07:45:57 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:57 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:57 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 49 usecs
May 06 07:45:57 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 2 usecs
May 06 07:45:58 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:58 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:58 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 10 usecs
May 06 07:45:58 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 76 usecs
May 06 07:45:58 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:45:58 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:45:58 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): Maximum login attempts (3) exceeded
May 06 07:45:58 debdesk proftpd[12804] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session closed.
May 06 07:45:59 debdesk proftpd[12808]: IPv6 getaddrinfo 'debdesk' error: No address associated with hostname
May 06 07:46:09 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session opened.
May 06 07:46:09 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:09 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:09 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 2 usecs
May 06 07:46:09 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 21 usecs
May 06 07:46:10 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:10 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:10 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 40 usecs
May 06 07:46:10 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 25 usecs
May 06 07:46:10 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:10 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:10 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): Maximum login attempts (3) exceeded
May 06 07:46:10 debdesk proftpd[12808] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session closed.
May 06 07:46:10 debdesk proftpd[12809]: IPv6 getaddrinfo 'debdesk' error: No address associated with hostname
May 06 07:46:20 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session opened.
May 06 07:46:21 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:21 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:21 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 33 usecs
May 06 07:46:21 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:21 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:21 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 23 usecs
May 06 07:46:22 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 28 usecs
May 06 07:46:22 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:22 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:22 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): Maximum login attempts (3) exceeded
May 06 07:46:22 debdesk proftpd[12809] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session closed.
May 06 07:46:22 debdesk proftpd[12810]: IPv6 getaddrinfo 'debdesk' error: No address associated with hostname
May 06 07:46:32 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session opened.
May 06 07:46:32 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 46 usecs
May 06 07:46:33 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:33 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:33 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 64 usecs
May 06 07:46:33 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 38 usecs
May 06 07:46:33 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:33 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:33 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 124 usecs
May 06 07:46:33 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 79 usecs
May 06 07:46:34 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:34 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:34 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): Maximum login attempts (3) exceeded
May 06 07:46:34 debdesk proftpd[12810] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session closed.
May 06 07:46:34 debdesk proftpd[12814]: IPv6 getaddrinfo 'debdesk' error: No address associated with hostname
May 06 07:46:44 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session opened.
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 4 usecs
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 56 usecs
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 14 usecs
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 149 usecs
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): Maximum login attempts (3) exceeded
May 06 07:46:45 debdesk proftpd[12814] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session closed.
May 06 07:46:46 debdesk proftpd[12815]: IPv6 getaddrinfo 'debdesk' error: No address associated with hostname
May 06 07:46:56 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session opened.
May 06 07:46:57 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:57 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:57 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 30 usecs
May 06 07:46:57 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 45 usecs
May 06 07:46:58 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:58 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:58 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 104 usecs
May 06 07:46:58 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:46:58 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:46:58 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): Maximum login attempts (3) exceeded
May 06 07:46:58 debdesk proftpd[12815] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session closed.
May 06 07:46:59 debdesk proftpd[12818]: IPv6 getaddrinfo 'debdesk' error: No address associated with hostname
May 06 07:47:09 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session opened.
May 06 07:47:09 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 47 usecs
May 06 07:47:09 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:47:09 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:47:09 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 25 usecs
May 06 07:47:09 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:47:09 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:47:09 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 24 usecs
May 06 07:47:10 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): mod_delay/0.5: delaying for 34 usecs
May 06 07:47:10 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): no such user 'admin'
May 06 07:47:10 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): USER admin: no such user found from xcaret.dgsca.unam.mx [132.248.200.15] to 192.168.1.197:21
May 06 07:47:10 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): Maximum login attempts (3) exceeded
May 06 07:47:10 debdesk proftpd[12818] debdesk (xcaret.dgsca.unam.mx[132.248.200.15]): FTP session closed.

Last edited by BillyGalbreath; 06-01-2007 at 05:00 PM.
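
For triaging a log like the one posted above, here is an added example (not code from any poster in this thread) that counts failed logins and lockouts per source IP in this proftpd log format. The sample lines, hostnames and documentation-range IPs are constructed, and the `year` default and `min_lockouts` threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Session line format from the post:
#   <ts> <host> proftpd[<pid>] <host> (<rdns>[<ip>]): <msg>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ proftpd\[\d+\]:? "
    r"\S+ \((?P<rdns>[^\[\]]*)\[(?P<ip>[0-9A-Fa-f.:]+)\]\): (?P<msg>.*)$")
# Every failed login is logged twice ("no such user 'x'" and "USER x: no such
# user found ..."); only the second form is counted so attempts are not doubled.
FAILED_RE = re.compile(r"^USER (?P<user>.+?): no such user found from ")
LOCKOUT_RE = re.compile(r"^Maximum login attempts \(\d+\) exceeded")

# Constructed sample (documentation-range IPs, made-up hostnames), not the poster's log.
SAMPLE = """\
May 06 07:45:11 debdesk proftpd[11536]: IPv6 getaddrinfo 'debdesk' error: No address associated with hostname
May 06 07:45:21 debdesk proftpd[11536] debdesk (scan.example[203.0.113.7]): no such user 'admin'
May 06 07:45:21 debdesk proftpd[11536] debdesk (scan.example[203.0.113.7]): USER admin: no such user found from scan.example [203.0.113.7] to 192.168.1.197:21
May 06 07:45:22 debdesk proftpd[11536] debdesk (scan.example[203.0.113.7]): no such user 'admin'
May 06 07:45:22 debdesk proftpd[11536] debdesk (scan.example[203.0.113.7]): USER admin: no such user found from scan.example [203.0.113.7] to 192.168.1.197:21
May 06 07:45:22 debdesk proftpd[11536] debdesk (scan.example[203.0.113.7]): no such user 'admin'
May 06 07:45:22 debdesk proftpd[11536] debdesk (scan.example[203.0.113.7]): USER admin: no such user found from scan.example [203.0.113.7] to 192.168.1.197:21
May 06 07:45:22 debdesk proftpd[11536] debdesk (scan.example[203.0.113.7]): Maximum login attempts (3) exceeded
May 06 07:45:33 debdesk proftpd[12057] debdesk (scan.example[203.0.113.7]): no such user 'test'
May 06 07:45:33 debdesk proftpd[12057] debdesk (scan.example[203.0.113.7]): USER test: no such user found from scan.example [203.0.113.7] to 192.168.1.197:21
May 06 07:45:34 debdesk proftpd[12057] debdesk (scan.example[203.0.113.7]): no such user 'test'
May 06 07:45:34 debdesk proftpd[12057] debdesk (scan.example[203.0.113.7]): USER test: no such user found from scan.example [203.0.113.7] to 192.168.1.197:21
May 06 07:45:34 debdesk proftpd[12057] debdesk (scan.example[203.0.113.7]): no such user 'test'
May 06 07:45:34 debdesk proftpd[12057] debdesk (scan.example[203.0.113.7]): USER test: no such user found from scan.example [203.0.113.7] to 192.168.1.197:21
May 06 07:45:34 debdesk proftpd[12057] debdesk (scan.example[203.0.113.7]): Maximum login attempts (3) exceeded
May 06 07:50:02 debdesk proftpd[12099] debdesk (friend.example[198.51.100.20]): no such user 'bily'
May 06 07:50:02 debdesk proftpd[12099] debdesk (friend.example[198.51.100.20]): USER bily: no such user found from friend.example [198.51.100.20] to 192.168.1.197:21
""".splitlines()


def summarize(lines, year=2007):
    """Return {ip: stats}. Syslog omits the year, so `year` is an assumption."""
    stats = defaultdict(lambda: {"attempts": 0, "lockouts": 0, "users": set(),
                                 "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # daemon-level lines (the getaddrinfo error) carry no client
        failed, lockout = FAILED_RE.match(m["msg"]), LOCKOUT_RE.match(m["msg"])
        if not (failed or lockout):
            continue
        s = stats[m["ip"]]
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        s["first"] = when if s["first"] is None else min(s["first"], when)
        s["last"] = when if s["last"] is None else max(s["last"], when)
        if failed:
            s["attempts"] += 1
            s["users"].add(failed["user"])
        else:
            s["lockouts"] += 1
    return dict(stats)


def brute_force_sources(lines, min_lockouts=2):
    """IPs whose sessions were cut off for failed logins at least min_lockouts times."""
    return sorted(ip for ip, s in summarize(lines).items()
                  if s["lockouts"] >= min_lockouts)


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s["attempts"], "failed,", s["lockouts"], "lockouts,", sorted(s["users"]))
    print("flagged:", brute_force_sources(SAMPLE))
```

A single mistyped login from an otherwise legitimate address stays below the lockout threshold, so only the repeating source is flagged.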
 
Old 06-01-2007, 06:37 PM   #2
arckane
Member
 
Registered: Sep 2005
Location: UK
Distribution: Gentoo/Debian/Ubuntu
Posts: 308

Rep: Reputation: 39
To be honest, the best thing to do for Private FTPs is to change the port from 21 to something else. If you look at the proftpd.conf file you should see the port number, just change it.

You will have to remember to tell people that you want to allow to use the FTP the new port number and they'll be able to connect using:

Code:
ftp://user:pass@IPAddress:port_number
I hope that makes sense.

Other than that, just drop all incoming packets using iptables (look up firewall rules using iptables).
 
Old 06-01-2007, 07:35 PM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Here is a sample /etc/xinet.d/proftpd file from a gentoo wiki:
Code:
service proftpd
{
...
#Allow access from the local network (ie, 192.168.0.0/24)
only_from   = 192.168.0.0/24
#And from two remote locations
only_from   = 10.1.1.2 sampleconfig.com
#allow from anywhere
only_from   = 0.0.0.0
...
}
So you could do away with the 0.0.0.0 entry and substitute the 3 IPs in the second entry.
 
Old 06-01-2007, 10:04 PM   #4
BillyGalbreath
Member
 
Registered: Nov 2005
Location: Houston Texas
Distribution: Debian Sid
Posts: 379

Original Poster
Rep: Reputation: 31
Thanks guys! I moved my port to something totally random, and I set the "only_from" stuff just to be doubly sure no one tries to brute force me again.

Thank you both very much! XD
 
  

