Solved

Prevent VSFTPD from looping attempts

Posted on 2006-07-04
Last Modified: 2008-01-09
Experts,

How can I secure my VSFTP server from looping attempts? These looping attempts cause the internet connection's bandwidth to decrease. They are using an unknown user/password, but I think it has an effect on the server's attention that causes a slow internet connection. How can I set my VSFTP to 3 or 10 attempts, so that beyond that number of unsuccessful connections it totally blocks the connecting IP?

Thanks:)
Question by:marvelsoft
7 Comments
 
LVL 16

Expert Comment

by:xDamox
ID: 17038828
Hi,

You should use pam_abl

http://www.hexten.net/pam_abl/

Once you have installed pam_abl just edit your /etc/pam.d/vsftpd file and add:

auth        required        /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
 

Author Comment

by:marvelsoft
ID: 17040090
Hi xDamox,

I've encountered difficulty installing pam_abl. I'm looking for a compiled installer of pam_abl using apt-get, but I couldn't find anything. If so, is there a package in Debian for pam_abl?

My second option is using shorewall (sarge) for this. Below is my code:
====================
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 -j DROP
====================

But my problem is how can I incorporate this code in shorewall?


Thanks:)


 

Author Comment

by:marvelsoft
ID: 17040093
That code is for ssh. Can I do that also in vsftpd?
 
LVL 16

Expert Comment

by:xDamox
ID: 17041289
Hi,

What distribution are you using? Also, the iptables should work, just change the port to 21.
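The two `-m recent` rules from the thread, replayed in a simplified Python model (an added example, not code from any poster). It assumes the match behaves as the iptables-extensions man page describes, uses constructed connections from documentation addresses, and compares both rule orders, because `-I` places the later-typed `--update ... -j DROP` rule ahead of the `--set` rule.

```python
from collections import defaultdict

SECONDS, HITCOUNT = 60, 4          # values from the rules in the thread
ATTACKER, CLIENT = "203.0.113.7", "198.51.100.20"   # documentation addresses
# Constructed sample: (timestamp in seconds, source IP) of NEW connections.
EVENTS = ([(t, ATTACKER) for t in range(0, 40, 5)]
          + [(200, ATTACKER), (10, CLIENT), (100, CLIENT)])

def recent_verdicts(events, drop_rule_first=True):
    """Replay NEW connections through a simplified model of the two rules.
    drop_rule_first=True is the order left by running both `-I INPUT`
    commands in sequence; False is the order `-A` would give."""
    stamps = defaultdict(list)     # per-source recorded timestamps

    def update_rule(ts, ip):
        # --update --seconds 60 --hitcount 4: match when the source has at
        # least HITCOUNT entries in the window; a match refreshes the entry.
        recent = [t for t in stamps[ip] if ts - t <= SECONDS]
        if len(recent) >= HITCOUNT:
            stamps[ip].append(ts)
            return True
        return False

    out = []
    for ts, ip in sorted(events):
        if drop_rule_first:
            dropped = update_rule(ts, ip)
            if not dropped:
                stamps[ip].append(ts)   # --set, reached only if not dropped
        else:
            stamps[ip].append(ts)       # --set evaluated first
            dropped = update_rule(ts, ip)
        out.append((ts, ip, "DROP" if dropped else "PASS"))
    return out

def first_drop(verdicts, ip):
    """1-based index of the first dropped attempt from ip, or None."""
    mine = [v for _, src, v in verdicts if src == ip]
    return mine.index("DROP") + 1 if "DROP" in mine else None

if __name__ == "__main__":
    for order in (True, False):
        print(order, first_drop(recent_verdicts(EVENTS, order), ATTACKER))
```

In this model a source that keeps retrying stays blocked, because each dropped attempt refreshes its entry, and it passes again only after a quiet period longer than the window.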
 

Author Comment

by:marvelsoft
ID: 17043713
Hi,

Debian Sarge; Linux 2.6.8-3-686-smp i686 GNU/Linux is the kernel version, and I'm using the apt-get method and getting files from Debian FTPs (deb http://debian.logiclinux.com/debian/ stable main).

That must be port 21 for FTP, which I omitted. What I mean is, how can I incorporate the code below in shorewall?

====================
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 -j DROP
====================

Thanks :)
 
LVL 16

Expert Comment

by:xDamox
ID: 17044378
Hi,

I ain't messed with shorewall, but I think you SSH into shorewall and add the rule to your INPUT rules.
 
LVL 18

Accepted Solution

by:
decoleur earned 125 total points
ID: 17116125
marvelsoft-

I tried pam_abl as well and had no luck getting it to work. What I have gotten great success from is portsentry... You can use apt-get to acquire it (I think).

Package: portsentry (1.2-10)
http://packages.debian.org/unstable/net/portsentry
Securing and Optimizing Linux: RedHat Edition -A Hands on Guide -14.5. PortSentry
http://www.faqs.org/docs/securing/chap14sec116.html
PortSentry and Snort Compared
http://www.linux.ie/articles/portsentryandsnortcompared.php

The only downside is that you have to unblackhole the blocked group every once in a while.

Hope this helps

-t