ProFTPd 1.31 and mod_ban...

tiger.woods · 12-06-2009, 09:40 PM

I'm noticing my server is getting hit pretty hard by what I assume is a brute force attack on my FTP server. I noticed that the mod_ban that proFTPd has in 1.32 isn't installed on 1.31. Can I implement something on 1.31 that will help with the attack? will mod_ban work or MaxLoginAttempts 1.31?

I could use some help implementing...

Thanks.

TW,

bathory · 12-07-2009, 12:27 PM

Hi,

mod_ban is available since proftpd-1.2.x, so I guess it's not compiled in the proftpd package you're using. You can try to find a proftpd package with mod_ban compiled-in, or you can compile proftpd yourself and add the modules you want.
As an alternative consider using fail2ban that already contains a module to support proftpd.

Regards

tiger.woods · 12-07-2009, 06:32 PM

Thanks for the reply bathroy,

After doing some looking I found in /usr/lib/proftpd

mod_ban.so
mod_ban.a
mod_ban.la

So I think the mod_ban is compiled in but I don't see a config file? should I simply create a config file similar to the installation instructions (http://www.castaglia.org/proftpd/mod...Installation)?

bathory · 12-08-2009, 12:36 AM

Quote:

So I think the mod_ban is compiled in but I don't see a config file? should I simply create a config file similar to the installation instructions (http://www.castaglia.org/proftpd/mod...Installation)?

It looks like mod_ban is compiled as a dso, while the instructions are talking for the case the module is compiled in proftpd.
Reading the proftpd dso documentation, it looks like you have to add

Code:

LoadModule mod_ban.c

, before using the module.

Regards

tiger.woods · 12-08-2009, 05:50 AM

Ah, thanks for the help I hot it going.

TW,