blockhosts.py works in conjunction with tcpd-wrappers, and it requires that services terminate the connection if too many bad login attempts are seen.
OpenSSH's sshd works fine. ProFTPd works fine.
VSFTPD does not work well with tcpd-wrapper blocking.
Vsftpd keeps the same server process active for any number of login failures on that connection from a host, even when launched using xinetd. This means even though that host-ip will be blocked in hosts.allow file by blockhosts.py when the nth bad login attempt is made, it won't take effect until that host disconnects and then tries to reconnect. The host is free to run 100s, 1000s, unlimited number of login attempts. Vsftpd does not have an equivalent of the MaxLoginAttempts configuration of ProFTPd.
Scanning log files, I found just under 2000 login attempts from a single host when using vsftpd as the FTP server.
This makes vsftpd not really well suited to using hosts.allow filtering.
Pure-FTPd: I don't have any experience with pure-ftpd, if anyone can comment on how pure-ftpd handles failed login attempts - does it have the ability to disconnect and start a new server process after a certain number of failed attempts? Please post a comment in this thread.
Pure-FTPd
hi, (I'm the one who posted info about Fedora & Pure-FTPd)
Pure-FTPd works fine with tcp-wrappers. It has an equivalent of the MaxLoginAttempts configuration of ProFTPd. Although it's not configurable as a command-line parameter, it can be defined before compilation. The default value is 5 authentication tries, after which the server closes the connection.
To change the number of tries you have to edit the file "ftpd_p.h" (before compilation). Search for the line:
#define MAX_PASSWD_TRIES 5 /* Abort after 5 authentication failures */
regards,
Cypriano PL
latest vsftpd has new feature to now work
Not tested this, but a comment in another thread led to the latest info on vsftpd, which has a feature to fix the issue, here's the snippet from the Changelog file:
- Kick session after a few login fails. Allows IP blocking solutions to be more
immediately effective.
Version: Jul 2006 - vsftpd-2.0.5
So, this should work well with blockhosts.py - have not tested this yet, here's the configuration parameter to use, default should be fine:
max_login_fails
After this many login failures, the session is killed.
Default: 3
I have tested this with
I have tested this with VSFTPD on FC5 (had to rebuild the SRPM from FC6 since the 2.05 hasn't made it to FC5 updates yet) and it does work.
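The interaction described in this thread (hosts.allow is only consulted when a new connection is accepted, so a daemon that keeps one session open through every failed login lets a host keep guessing after it has been listed, whereas a daemon that kills the session after a few failures forces a reconnect that the block then refuses) can be modelled in a few lines. The following is an added example, not code from blockhosts.py, vsftpd or Pure-FTPd. The blocker threshold of 7, the 100 queued guesses and the client address 192.0.2.10 are constructed values, and the model is idealised: it assumes the log watcher reacts to each failure immediately, which a real blocker that polls a log file does not.

```python
"""Model of a tcp_wrappers-based blocker (blockhosts.py style) working with
an FTP daemon that either keeps one session open through every login failure
(vsftpd before 2.0.5) or kills the session after a few failures (vsftpd
max_login_fails, ProFTPd MaxLoginAttempts, Pure-FTPd MAX_PASSWD_TRIES).

Added example with constructed values; not code from any of those projects.
"""

BLOCK_AFTER = 7          # constructed: failures after which the blocker lists the host
PASSWORDS_TO_TRY = 100   # constructed: guesses the simulated client has queued


class HostsAllow:
    """Minimal stand-in for /etc/hosts.allow: a set of denied client IPs."""

    def __init__(self):
        self.denied = set()

    def deny(self, ip):
        self.denied.add(ip)

    def permits(self, ip):
        return ip not in self.denied


class Blocker:
    """Log watcher: counts failed logins per IP and updates hosts.allow."""

    def __init__(self, hosts_allow, threshold=BLOCK_AFTER):
        self.hosts_allow = hosts_allow
        self.threshold = threshold
        self.failures = {}

    def observe_failure(self, ip):
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.threshold:
            self.hosts_allow.deny(ip)


def simulate(max_login_fails, block_after=BLOCK_AFTER, guesses=PASSWORDS_TO_TRY):
    """Return (attempts_seen_by_server, sessions_opened, host_blocked).

    max_login_fails=None models a daemon that never kicks the session;
    an integer models a daemon that closes the session after that many
    failures, so the client has to reconnect and pass hosts.allow again.
    """
    ip = "192.0.2.10"  # constructed client address (documentation range)
    hosts_allow = HostsAllow()
    blocker = Blocker(hosts_allow, block_after)
    attempts_seen = 0
    sessions = 0
    remaining = guesses
    while remaining > 0:
        # tcp_wrappers consults hosts.allow exactly once, at connection time
        if not hosts_allow.permits(ip):
            break
        sessions += 1
        fails_this_session = 0
        while remaining > 0:
            attempts_seen += 1
            remaining -= 1
            fails_this_session += 1
            blocker.observe_failure(ip)  # idealised: blocker reacts at once
            if max_login_fails is not None and fails_this_session >= max_login_fails:
                break  # daemon kills the session; client must reconnect
    return attempts_seen, sessions, not hosts_allow.permits(ip)


if __name__ == "__main__":
    for policy in (None, 3):
        seen, sessions, blocked = simulate(policy)
        print(f"max_login_fails={policy}: server saw {seen} attempts "
              f"over {sessions} session(s); host blocked={blocked}")
```

With `max_login_fails=None` the host is listed in hosts.allow after the 7th failure but all 100 guesses still reach the daemon over a single session, which is the behaviour the first post reports from its logs. With `max_login_fails=3` the daemon drops the session every three failures, the third reconnect is the first one made after the host was listed, and the run stops at 9 attempts over 3 sessions. Setting the blocker threshold no higher than the daemon's kick count limits the host to a single session.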