Last night (in low traffic conditions) I got 1 attack on ftp server.
The attacker made 1 single connect and then it made about 3000 failed logins before another user spawned the blockhost script which blocked the attack.
My question is: Is it possible to schedule a blockhost scan at regular intervals in addiction to the spawned processes to fix this situations?
Thanks for your help.
Frank
Travel Travel reports, it is all about food
Montreal: Schwartz's, Le Petit Alep
Albums: Pictures and some notes
ITRANS Song Book Hindi, Urdu, Marathi song lyrics
Online ITRANS Web Interface
BlockHosts block hosts
BlockHosts FAQ
BlockHosts Forum
CD Inserts & Envelopes Web Interface
Nisha Ganatra's Films
Cake: starring Heather Graham
Email: avinash@aczoom.com
Copyright © 1995-2016 Avinash Chopde, avinash@aczoom.com
vsftpd?
What FTP server is this - vsftpd? There are some postings on vsfptd in this forum - the older versions are not really suitable for blockhosts - even if you use crontab entries to scan at regular intervals, vsftpd uses a single process to continue to serve login requests, no way to stop it.
I understand the newer versions have a configuration setting that exists the vsftpd server after a fixed number of failures.