Hello, I had a lamer script kiddie playing with my machine the other day.
How can I limit the number of failed login attempts in proftpd? I think allowing over 4000 for the same user name is a bit much.
I use sshdfilter for ssh2 (http://www.csc.liv.ac.uk/~greg/sshdfilter/index_15.html) and love it.
"sshdfilter blocks the frequent brute force attacks on ssh daemons, it does this by directly reading the sshd logging output (or syslog output) and generating iptables rules, the process can be quick enough to block an attack before they get a chance to enter any password at all."
I guess I could just modify sshdfilter to ftpdfilter....
I am looking at Castaglia's information at: http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Logging.html#FIFOs
Thanks in advance for any ideas...
-----redhat 9 / proftp 1.2.9---
Service ftp: 18.104.22.168: FAILED 4025 Time(s) (all for user=administrator (which does not exist of course))
[14/Jun/2006:02:44:32 -0500] "USER Administrator" 331
ftp-auth.log:FTP SERVER  22.214.171.124 [14/Jun/2006:02:44:32 -0500] "PASS (hidden)" 503
ftpsystem.log:Jun 14 02:46:28 ftp.xxxxxxx.com
43]): USER Administrator: no such user found from 126.96.36.199 [188.8.131.52] to 184.108.40.206:21
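
The log-watching approach quoted above from the sshdfilter description, applied to the "no such user found" entry shown in the post. This is an added example, not part of the original post and not sshdfilter's code. The threshold (5 failures in 10 minutes), the function names, the log prefix layout and all addresses are assumptions constructed for the demonstration; the rule is only built as a string, never executed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Greedy ".*" picks the LAST server-written suffix, so a crafted user name cannot swap the IP.
FAIL_RE = re.compile(
    r"^(?:\S+:)?(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) .*"
    r"no such user found from \S+ \[(?P<ip>[0-9A-Fa-f.:]+)\] to \S+:\d+$")

def parse_failure(line, year=2006):
    """Return (timestamp, ip) for a failed-login line, else None."""
    m = FAIL_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        return ts, str(ipaddress.ip_address(m["ip"]))
    except ValueError:  # impossible date or malformed address
        return None

def find_offenders(lines, max_failures=5, window=timedelta(minutes=10)):
    """Map each IP to the time it reached max_failures inside the window."""
    recent, offenders = defaultdict(deque), {}
    for ts, ip in filter(None, map(parse_failure, lines)):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders.setdefault(ip, ts)
    return offenders

def iptables_rule(ip):
    """Build (not run) a DROP rule for FTP control traffic from ip."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on anything else
    tool = "iptables" if addr.version == 4 else "ip6tables"
    return f"{tool} -I INPUT -s {addr} -p tcp --dport 21 -j DROP"

# Constructed sample lines, modelled on the ftpsystem.log entry in the post.
LINE = ("ftpsystem.log:Jun 14 02:46:{s:02d} ftp.example.com proftpd[2143] ftp.example.com "
        "({ip}[{ip}]): USER {user}: no such user found from {ip} [{ip}] to 192.0.2.10:21")
SAMPLE = [LINE.format(s=s, ip="198.51.100.7", user="Administrator") for s in range(5)]
SAMPLE.append(LINE.format(s=30, ip="203.0.113.9", user="bob"))
SPOOF = LINE.format(s=40, ip="203.0.113.9", user="x: no such user found from a [198.51.100.200] to b:21")

if __name__ == "__main__":
    for offender in find_offenders(SAMPLE + [SPOOF]):
        print(iptables_rule(offender))
```

The user name in each log line is chosen by the remote client, so the address is taken only from the suffix the server appends and is validated before it reaches a firewall rule.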