Reply

Join Date: Dec 2006
Posts: 192
Reputation: nschessnerd is an unknown quantity at this point 
Solved Threads: 8
nschessnerd's Avatar
nschessnerd nschessnerd is offline Offline
Junior Poster

Ftp attack

 
0
  #1
Jan 4th, 2008
Hey, people have been trying to brute force my ftp. Every day ill check the log and it will say stuff like:

[5] Fri 04Jan08 16:57:06 - (000569) Closing connection
[5] Fri 04Jan08 16:57:07 - (000570) Connected to 58.211.58.2 (Local address 192.168.1.100)
[5] Fri 04Jan08 16:57:08 - (000570) Too many times wrong password for user "ADMINISTRATOR" - disconnecting
[5] Fri 04Jan08 16:57:09 - (000570) Closing connection
[5] Fri 04Jan08 16:57:09 - (000571) Connected to 58.211.58.2 (Local address 192.168.1.100)
[5] Fri 04Jan08 16:57:11 - (000571) Too many times wrong password for user "ADMINISTRATOR" - disconnecting
[5] Fri 04Jan08 16:57:11 - (000571) Closing connection

Does anyone have any suggestions for how to deal with this?
Thanks M
this.love(*);
&hea/rts;
Reply With Quote Quick reply to this message  
Join Date: Jun 2005
Posts: 1,409
Reputation: goldeagle2005 is an unknown quantity at this point 
Solved Threads: 43
Team Colleague
goldeagle2005's Avatar
goldeagle2005 goldeagle2005 is offline Offline
Finkus Stinkalotus

Re: Ftp attack

 
0
  #2
Jan 5th, 2008
Well, have you tried renaming the Administrator account?
Touch eyeballs to screen for cheap laser surgery
Reply With Quote Quick reply to this message  
Join Date: Dec 2006
Posts: 192
Reputation: nschessnerd is an unknown quantity at this point 
Solved Threads: 8
nschessnerd's Avatar
nschessnerd nschessnerd is offline Offline
Junior Poster

Re: Ftp attack

 
0
  #3
Jan 5th, 2008
I actually didnt have an administrator account setup. I did set one up though with a simple password and no privileges in a directory with a file that says go away [in meaner terms]. So im not worried about them actually getting in, im actually surprised they haven't. its just annoying.
this.love(*);
&hea/rts;
Reply With Quote Quick reply to this message  
Join Date: Sep 2007
Posts: 2
Reputation: dotslash is an unknown quantity at this point 
Solved Threads: 0
dotslash dotslash is offline Offline
Newbie Poster

Re: Ftp attack

 
0
  #4
Jan 6th, 2008
On your firewall (if it's based on Linux's iptables), with fail2ban software it uses IP address on your FTP log files, and it update the entries on the iptables rules. Here the fail2ban software (GPL License) while may be the solution to your problem.

http://www.fail2ban.org/wiki/index.php/Main_Page
Last edited by dotslash; Jan 6th, 2008 at 7:58 pm. Reason: Incorrect explanation
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Network Security Forum
Thread Tools Search this Thread



adobe advice antivirus apple attack barackobama blackmail bot botnet browser business cellphone china civilliberties crime cybercrime cyberwarfare daniweb data database dataloss dataprotection development email emailretention encryption exploit facebook forensic fraud google government hack hacker hacking hardware hotmail ibm identity identitytheft idtheft information infosec internet iphone kaspersky kernel law linux malware mcafee mckinnon microsoft military mobile nasa nationalsecurity network news obama olympics p2p password passwords paypal pdf pentagon phishing politics privacy realplayer report research safari satnav scam search security socialnetworking software spam survey symantec symbian terrorism terrorist trends trojan trojans twitter uk usb virtualization virus vulnerability warning web word worm yahoo
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC