RE: Massive failed FTP attempts

[Amit <amit.uttam () gmail com>]

First of all take pride on the fact that they weren't able to break
in! This shows good sysadmin practice from your part as well as good
LAMP set up.

Next suggestion would be to check out if there are any security
updates or known vulnerabilities for proftpd. I am sure the attacker
must have checked out the latest bugs on the software and is trying to
exploit that.

Then, try to find out where the IP is originating from. Usually you
can be quite sure about which country, ISP, etc.

Also, check if it is trying to access any of your other services.

Finally, look at setting up an sftp server instead of FTP if feasible
as it might provide you with much better security.

Hope this helps,

Amit