On 8/28/06, Eric Dunbar <[EMAIL PROTECTED]> wrote:
> I recently activated vsftpd on my server and I'm noticing statistics
> in the daily server report (automagically sent to root by all servers)
> that suggest someone's trying a dictionary attack (presumably) on my
> ftp server (10000+ login attempts ;-).

Welcome to the world of having a publicly facing machine. :-( You'll
probably get piles of ssh attempts too, and lots of other things, many
of which aren't even Linux related.

> 1. Will the firewall provide protection against these attempts with
> the defaults (I'm not 100% sure how to read the defaults yet)?

If you don't allow external ftp, your firewall will help, but nothing
is 100%. However, the firewall won't help if you need to keep port 21
open to the public.

> 2. How do I configure the firewall/vsftpd to block repeated
> unsuccessful attempts on the ftp server?

Repeated? The firewall isn't the best place to do that, either a
config in the ftp server or something else. I'm not sure if vsftpd has
this ability or not.

> 3. How do I find out what username/passwords they're using in their
> dictionary attack? (I'd like to know what is insecure)

I don't think this will benefit you much. You're better off making
sure that you limit the access to the machine to the accounts that
need it. Use /etc/vsftpd.user_list, which is a list of users that are
allowed ftp, you'll need to activate it in the config (see below).

> 4. Is there a GUI interface for the firewall that's intelligible
> (WebMin sort of allows access but you need to understand its syntax to
> do anything more than open up/closing ports and allowing access to
> certain machines).

I haven't seen a decent IPTables GUI yet. It's a bit of a pain, but
it's worth learning how to build your own firewall rules. There is a
ton of info on the net, some of it good, some of it bad.

> PS Is there a better ftp server to use than vsftpd? It's quick and
> dirty but it's not really that easily configured (I'd like to specify
> ftp access for only certain users, and even then only for certain
> directories).

vsftpd is actually pretty decent and has a decent security record
(which is probably why it is the default ftp server on RH machines).
It's a bit of a pain to configure, plus the default config script
doesn't have all the config options. Check the man pages, especially:

man vsftpd.conf

It's fairly well documented.

Cheers,
Chris

_______________________________________________
yellowdog-general mailing list
[email protected]
http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
HINT: to Google archives, try '<keywords> site:terrasoftsolutions.com'
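
Added example, not part of the original thread: one way to turn the failed-login noise discussed above into a per-client summary, and to see which guessed names are actually on the /etc/vsftpd.user_list allow list. It assumes vsftpd is writing its native log format; the sample log lines, the user list contents, the function names and the threshold of 3 are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in vsftpd's native log format (assumed; not from the thread).
SAMPLE_LOG = """\
Mon Aug 28 03:10:01 2006 [pid 4101] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 28 03:10:02 2006 [pid 4102] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 28 03:10:04 2006 [pid 4103] [eric] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 28 03:10:05 2006 [pid 4104] [test] FAIL LOGIN: Client "203.0.113.7"
Mon Aug 28 09:15:40 2006 [pid 4210] [eric] FAIL LOGIN: Client "198.51.100.20"
Mon Aug 28 09:15:52 2006 [pid 4211] [eric] OK LOGIN: Client "198.51.100.20"
Mon Aug 28 09:16:30 2006 [pid 4212] [eric] OK UPLOAD: Client "198.51.100.20", "/home/eric/a.txt", 120 bytes
"""

# Constructed stand-in for the contents of /etc/vsftpd.user_list.
SAMPLE_USER_LIST = "# users allowed ftp\neric\nchris\n"

FAIL_RE = re.compile(r'\[pid \d+\] \[(?P<user>[^\]]*)\] FAIL LOGIN: Client "(?P<ip>[^"]+)"')

def parse_user_list(text):
    """Return the account names in a vsftpd user_list, skipping comments and blanks."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def summarize_failures(log_text, allowed_users, threshold=3):
    """Count failed logins per client and note which guessed names are real ftp accounts."""
    per_ip = Counter()
    names_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue  # successful logins, transfers and anything else are ignored
        per_ip[m["ip"]] += 1
        names_by_ip[m["ip"]].add(m["user"])
    report = {}
    for ip, count in per_ip.items():
        if count >= threshold:
            report[ip] = {
                "failures": count,
                "names_tried": sorted(names_by_ip[ip]),
                # Only these guesses hit an account that is allowed to use ftp at all.
                "allowed_accounts_targeted": sorted(names_by_ip[ip] & allowed_users),
            }
    return report

if __name__ == "__main__":
    allowed = parse_user_list(SAMPLE_USER_LIST)
    for ip, info in summarize_failures(SAMPLE_LOG, allowed).items():
        print(ip, info)
```

With the user list enforced, every guess outside "allowed_accounts_targeted" is refused regardless of password, so those accounts are the ones whose passwords matter.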
