• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 394
  • Last Modified:

Prevent VSFTPD from looping attempts

Experts,

How can I sercure my VSFTP Server from looping attempts? With this looping attempts it causes internet connection to decrease the bandwidth. They are using a unknown user/password but I think it has an effect to the server's attention that cause slow internet connection. How can set my VSFTP to 3 or 10 times attempts then beyond that unsuccessfull connection it totally blocked the connecting IP?

Thanks:)
0
marvelsoft
Asked:
marvelsoft
  • 3
  • 3
1 Solution
 
xDamoxCommented:
Hi,

You should uses pam_abl

http://www.hexten.net/pam_abl/

Once you have installed pam_abl just edit your /etc/pam.d/vsftpd file and add:

auth        required        /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
0
 
marvelsoftAuthor Commented:
Hi xDamox,

I've encountered difficulty on installing pam_abl. Im looking for a compile installer of pam_abl using apt-get but I could'nt find anything. If so, is there a package in debian for pam_abl?

My second option using shorewall(sarge) for this. Below is my code:
====================
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 -j DROP
====================

But my problem is how can incorporated this code in shorewall?


Thanks:)


0
 
marvelsoftAuthor Commented:
That code is for ssh. can I do that also in vsftpd?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
xDamoxCommented:
Hi,

What distrobution are you using? Also the iptables should work just change the port to 21
0
 
marvelsoftAuthor Commented:
Hi,

Debian Sarge Linux 2.6.8-3-686-smp i686 GNU/Linux is kernel version and im using apt-get method and get files from Debian FTPs (deb http://debian.logiclinux.com/debian/ stable main).

That must be port 21 for ftp I omitted. What I mean is how can I incorporate this code below in shorewall?

====================
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 -j DROP
====================

Thanks :)
0
 
xDamoxCommented:
Hi,

I aint messed with shorewall, but I think you SSH into shorewall and add the rule to your INPUT rules.
0
 
decoleurCommented:
marvelsoft-

I tried pam_abl as well and had no luck with getting it to work. what I have gotten great successfrom is portsentry... you can use apt-get to acquire it (I think)

Package: portsentry (1.2-10)
http://packages.debian.org/unstable/net/portsentry
Securing and Optimizing Linux: RedHat Edition -A Hands on Guide -14.5. PortSentry
http://www.faqs.org/docs/securing/chap14sec116.html
PortSentry and Snort Compared
http://www.linux.ie/articles/portsentryandsnortcompared.php

the only down side is that you have to unblackhole the blocked group every once in a while.

hope this helps

-t
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now