I have to run a public FTP server for our clients to upload files to
us. This means that every day I have to deal with some machine, usually
in Asia but occasionally also here in the States, banging on the ftp
port several times a second, trying to log in with various (invalid)
user names. For example this morning:
Feb 17 07:47:13 lansky vsftpd: pam_succeed_if(vsftpd:auth): error
retrieving information about user Administrator
Feb 17 07:47:16 lansky vsftpd: pam_unix(vsftpd:auth): check pass; user
unknown
Feb 17 07:47:16 lansky vsftpd: pam_unix(vsftpd:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser=
rhost=216.31.131.61.broad.dynamic.pt.fj.cndata.com
Feb 17 07:47:16 lansky vsftpd: pam_succeed_if(vsftpd:auth): error
retrieving information about user Administrator
Feb 17 07:47:19 lansky vsftpd: pam_unix(vsftpd:auth): check pass; user
unknown
Feb 17 07:47:19 lansky vsftpd: pam_unix(vsftpd:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser=
rhost=216.31.131.61.broad.dynamic.pt.fj.cndata.com
Feb 17 07:47:19 lansky vsftpd: pam_succeed_if(vsftpd:auth): error
retrieving information about user Administrator
Feb 17 07:47:22 lansky vsftpd: pam_unix(vsftpd:auth): check pass; user
unknown
Feb 17 07:47:22 lansky vsftpd: pam_unix(vsftpd:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser=
rhost=216.31.131.61.broad.dynamic.pt.fj.cndata.com
Is there a way to configure iptables to automatically block a
specific IP after a certain repeated count (in a specific period)? Or,
is there a way to tell vsftpd to deny connections after a certain number
of failed logins? Something like a MaxLoginAttempts or some such?
--
H | It's not a bug - it's an undocumented feature.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley@xxxxxxxxxx> . 303.442.6410 x130
IT Director / SysAdmin / Websmith . 800.441.3873 x130
Photo Craft Imaging . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.