Security Basics mailing list archives
RE: Massive failed FTP attempts.
From: "Mark Sutton" <msutton () moltenplanet com>
Date: Wed, 5 Sep 2007 09:25:22 +0100
Hi Michael; It sounds like a dictionary attack on the passwords of standard usernames. As the IP is moving blacklisting the IPs won't work, you won't be able to stop them trying to hack you either, however unless the scans are totally random, they will first determine you have an FTP server and then try to hack it. As scans for servers tend to focus on the default ports you could change these on your external router so that they are less likely to determine you have one by scanning. Cheers Mark ------------------------------------- Mark Sutton : CISSP Technical Consultant Weebsite : www.moltenplanet.com -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michael Nielson Sent: 01 September 2007 04:33 To: security-basics () securityfocus com Subject: Massive failed FTP attempts. I run several small LAMP virtual servers, I've noticed a large amount of failed FTP login attempts, these all attempt to login with common FTP usernames like Administrator, or webmaster (the FTP server is proFTPd version 1.2.10). The attacker will try from one IP address maybe 30 or 40 times and then moving to a new IP address. I have several questions, first what are they trying to do? Crack my password? Or exploit a bug with proftpd? I've been more diligent about choosing a difficult to break password. More important what can I do to limit the number of attempts on my server? Thanks tons! Michael
Current thread:
- Massive failed FTP attempts. Michael Nielson (Sep 04)
- Re: Massive failed FTP attempts. l00t3r (Sep 04)
- RE: Massive failed FTP attempts. Paul Conaghan (Sep 04)
- RE: Massive failed FTP attempts. whip (Sep 11)
- RE: Massive failed FTP attempts. Dan Denton (Sep 12)
- RE: Massive failed FTP attempts. whip (Sep 11)
- RE: Massive failed FTP attempts. James Finnican (Sep 04)
- RE: Massive failed FTP attempts. Mark Sutton (Sep 05)
- Re: Massive failed FTP attempts. Robert Bauer (Sep 06)
- Re: Massive failed FTP attempts. Robert Bauer (Sep 07)
- Re: Massive failed FTP attempts. Oumar Niane (Sep 11)