LinuxQuestions.org


slacker_et 08-17-2010 12:34 PM

proftpd: How to set retry delay after failed logins ?
 
How do you configure proftpd so that once a user has failed to log in and reached the MaxLoginAttempts, they cannot retry logging in for another 4 hours?

I've been reading through proftpd's list of directives; but I can not find the answer.
And I feel it's probably staring me in the face. :(

Thanks;
--ET

paulsm4 08-17-2010 12:47 PM

Hi -

MaxLoginAttempts controls how many times a user can try to log in before he gets disconnected.

AFAIK, he can try connecting again as many times as he wants, as often as he wants.

Sorry I can't be more helpful :(

bathory 08-17-2010 01:08 PM

Hi,

It can be done with mod_ban.
Check if your proftpd is compiled with the mod_ban module by running:
Code:

proftpd -l

Regards

slacker_et 08-17-2010 01:30 PM

Thanks !

I had JUST stumbled upon this site:
http://freebsd.munk.me.uk/archives/2...lockhosts.html

Which displayed this code:
Code:

MaxLoginAttempts 1

<IfModule mod_ban.c>
  BanEngine on
  BanLog /var/log/proftpd-ban.log
  BanTable /var/db/proftpd/ban.tab

  # If the same client reaches the MaxLoginAttempts limit 2 times
  # within 10 minutes, automatically add a ban for that client that will expire after 24 hours.
  BanOnEvent MaxLoginAttempts 2/00:10:00 24:00:00

  # Configure a rule to automatically ban scripts looking for anonymous servers to which they can upload;
  # the ban will expire after ~100 hours
  BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99

  # Allow the FTP admin(-s) to manually add/remove bans
  BanControlsACLs all allow user vasya,john,rediska

  BanMessage "GO AWAY! [ %a ]"
</IfModule>

The first half of that code looks like EXACTLY what is needed.
But it doesn't look like our proftpd was compiled with mod_ban. Bummer. :(

--ET
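
A small model of the BanOnEvent count/window/duration arithmetic in the configuration quoted above, added here as an example; it is not proftpd's code and not from the thread. The 4-hour rule, the client addresses and the event times are constructed assumptions.

```python
from collections import defaultdict, deque

def hms(text):
    """hh:mm:ss -> seconds. No range check here, which matches the quoted
    comment that 99:99:99 is roughly 100 hours."""
    h, m, s = (int(p) for p in text.split(":"))
    return h * 3600 + m * 60 + s

def parse_rule(line):
    """Split 'BanOnEvent <event> <count>/<window> <duration>' into its parts."""
    _, event, freq, duration = line.split()[:4]
    count, window = freq.split("/")
    return event, int(count), hms(window), hms(duration)

def simulate(rule, events):
    """events: time-ordered (seconds, client, event_name) tuples.
    Returns the bans a rule would produce as (client, start, end)."""
    event, count, window, duration = parse_rule(rule)
    recent = defaultdict(deque)  # client -> matching event times inside the window
    banned_until, bans = {}, []
    for ts, client, name in events:
        # Model assumption: a banned client is turned away at connect time,
        # so it cannot produce further login events until the ban expires.
        if name != event or ts < banned_until.get(client, 0):
            continue
        q = recent[client]
        q.append(ts)
        while ts - q[0] > window:  # forget events older than the window
            q.popleft()
        if len(q) >= count:
            banned_until[client] = ts + duration
            bans.append((client, ts, ts + duration))
            q.clear()
    return bans

PAGE_RULE = "BanOnEvent MaxLoginAttempts 2/00:10:00 24:00:00"       # from the post
FOUR_HOUR_RULE = "BanOnEvent MaxLoginAttempts 1/00:10:00 04:00:00"  # assumed variant for the question

# Constructed events: one client trips the limit twice in 5 minutes,
# the other twice but 15 minutes apart.
EVENTS = [
    (0, "192.0.2.10", "MaxLoginAttempts"),
    (100, "198.51.100.7", "MaxLoginAttempts"),
    (300, "192.0.2.10", "MaxLoginAttempts"),
    (1000, "198.51.100.7", "MaxLoginAttempts"),
]

if __name__ == "__main__":
    for rule in (PAGE_RULE, FOUR_HOUR_RULE):
        print(rule, "->", simulate(rule, EVENTS))
```

With the rule from the post, only the first client is banned; the second client's events fall outside the 10-minute window. The assumed 1/00:10:00 04:00:00 variant bans each client for 4 hours at its first MaxLoginAttempts event.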

bathory 08-17-2010 01:54 PM

You can download the source and compile it yourself, adding support for mod_ban.
Running
Code:

proftpd -V

in the stock Slackware package (I assume you use Slackware) should tell you the configure options used:
Quote:

'--enable-ipv6' '--localstatedir=/var/run' '--with-modules=mod_readme:mod_ratio:mod_tls:mod_wrap:mod_ctrls_admin' '--build=i486-slackware-linux' 'build_alias=i486-slackware-linux' 'CFLAGS=-O2 -march=i486 -mtune=i686'

so you can add mod_ban like this:
Code:

./configure --enable-ipv6 --localstatedir=/var/run --with-modules=mod_readme:mod_ratio:mod_tls:mod_wrap:mod_ctrls_admin:mod_ban --build=i486-slackware-linux build_alias=i486-slackware-linux CFLAGS='-O2 -march=i486 -mtune=i686' --prefix=/usr --sysconfdir=/etc

The last 2 options are used so your proftpd installation is in accordance with the Slack package. Of course, you should uninstall the proftpd package prior to running "make install".

Regards

slacker_et 08-17-2010 03:15 PM

Thank you Bathory !

I'm currently doing this on a RHEL server that is not mine.
And I'm hitting roadblocks while trying to compile;
i.e. it's a bare-bones server with no compilers installed.

So now it's a matter of either being allowed to install the compilers; OR compile on another system.

Thanks !
--ET

bathory 08-17-2010 03:50 PM

It looks like mod_ban is included in recent proftpd-1.3.2d-1 RHEL packages. Do a search here and get the one for your distro.

Regards


All times are GMT -5.