Member Avatar for nschessnerd

Hey, people have been trying to brute force my ftp. Every day ill check the log and it will say stuff like:

[5] Fri 04Jan08 16:57:06 - (000569) Closing connection
[5] Fri 04Jan08 16:57:07 - (000570) Connected to 58.211.58.2 (Local address 192.168.1.100)
[5] Fri 04Jan08 16:57:08 - (000570) Too many times wrong password for user "ADMINISTRATOR" - disconnecting
[5] Fri 04Jan08 16:57:09 - (000570) Closing connection
[5] Fri 04Jan08 16:57:09 - (000571) Connected to 58.211.58.2 (Local address 192.168.1.100)
[5] Fri 04Jan08 16:57:11 - (000571) Too many times wrong password for user "ADMINISTRATOR" - disconnecting
[5] Fri 04Jan08 16:57:11 - (000571) Closing connection

Does anyone have any suggestions for how to deal with this?
Thanks M

  • 3 Contributors
  • 3 Replies
  • 85 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by dotslash
Member Avatar for goldeagle2005

Well, have you tried renaming the Administrator account?

Member Avatar for nschessnerd

I actually didnt have an administrator account setup. I did set one up though with a simple password and no privileges in a directory with a file that says go away [in meaner terms]. So im not worried about them actually getting in, im actually surprised they haven't. its just annoying.

Member Avatar for dotslash

On your firewall (if it's based on Linux's iptables), with fail2ban software it uses IP address on your FTP log files, and it update the entries on the iptables rules. Here the fail2ban software (GPL License) while may be the solution to your problem.

http://www.fail2ban.org/wiki/index.php/Main_Page

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.