LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Stopping vsftp login attempts?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-17-2006, 02:36 PM   #1
ExoZagNoid
Member
 
Registered: Jun 2004
Location: Gibbons, Alberta, Canada
Distribution: Fedora Core
Posts: 51

Rep: Reputation: 15
Stopping vsftp login attempts?

I have vsftp running on a spare computer just for learning and testing. Is there any way to stop people from hammering my system with (I believe they're called) dictionary attacks? I'm in no way a network security guru and there is nothing important on this server, but it's just annoying and wasting my bandwidth.

/var/log/messages:

Mar 17 13:33:13 jackson vsftpd(pam_unix)[23884]: check pass; user unknown
Mar 17 13:33:13 jackson vsftpd(pam_unix)[23884]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=211.43.63.2
Mar 17 13:33:16 jackson vsftpd(pam_unix)[23884]: check pass; user unknown
Mar 17 13:33:16 jackson vsftpd(pam_unix)[23884]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=211.43.63.2
Mar 17 13:33:19 jackson vsftpd(pam_unix)[23884]: check pass; user unknown
Mar 17 13:33:19 jackson vsftpd(pam_unix)[23884]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=211.43.63.2

on and on....different IP's from all over.

(btw, 211.43.63.2 is the "Dongeui Technical High School". Just a kid screwing around I guess.)

Sorry if this is a easy fix. Like I said it's for learning.
Thx,
Exo
 
Old 03-17-2006, 03:16 PM   #2
Aperculum
LQ Newbie
 
Registered: Mar 2006
Location: Finland
Distribution: Gentoo
Posts: 13

Rep: Reputation: 0
You could put it inside your home network or if the same computer is working as a router for your network you can specify listen_address in vsftpd config file so it will only answer to connections from within your network. Read vsftpd.conf manpage for more info about listen_address
 
Old 03-17-2006, 04:58 PM   #3
ExoZagNoid
Member
 
Registered: Jun 2004
Location: Gibbons, Alberta, Canada
Distribution: Fedora Core
Posts: 51

Original Poster
Rep: Reputation: 15
Thx Aperculum.
I don't have it acting as a router. I have ftp ports opened up on a hardware router forwarded to this machine. I like having the ftp accessible from the internet also. What if I ran vsftp on a different port? Would the scans still find the ftp if I ran it higher up? Would that negatively affect performance? I'm pretty much the only one who accesses this server.

Reading about how some people are getting hammered on their ssh ports makes me think that there is no easy fix for this either. I guess I'd have to have a script that bans (in real-time) IP's that try to log in more than X times in X minutes:seconds. Or (like I've been doing), shut down ftp when I notice it, and start it a short time later.

Thx,
Exo
 
Old 03-18-2006, 01:56 PM   #4
major.tom
Member
 
Registered: Jun 2003
Location: Canada
Distribution: Slackware (current); Gentoo (newbie)
Posts: 142

Rep: Reputation: 15
You could modify sshblack (http://www.pettingers.org/code/sshblack.html) to scan your vsftp logs and blacklist repeated failed login attempts. It's more of a sticky honeypot, actually, since it frees ip addresses after a pre-specified time.

It requires perl and iptables. Seems to work pretty well.

Garry
 
Old 03-18-2006, 08:46 PM   #5
ExoZagNoid
Member
 
Registered: Jun 2004
Location: Gibbons, Alberta, Canada
Distribution: Fedora Core
Posts: 51

Original Poster
Rep: Reputation: 15
Thx major.tom,
This is pretty much the banning script I was talking about. Thx for the link. I'll check into it.
Exo
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH login attempts Capt_Caveman Linux - Security 225 11-07-2009 09:55 AM
Stopping Standalone vsftp rickh Linux - Software 2 06-02-2005 11:22 PM
Login attempts phatboyz Linux - Security 1 10-11-2004 01:57 PM
vsftp - limit login attempts bandersson Linux - Security 0 01-01-2003 04:37 PM
slow login attempts Syncrm Linux - General 1 05-21-2002 09:05 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:06 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration