Ask Slashdot: FTP Server Honeypots?
An anonymous reader writes "I run an FTP server for a few dozen people, and it seems like every week I have a random IP address connect to my box and try guessing 'Administrator' passwords once every five seconds or so. This poses no real risk to me, since all my accounts have custom (uncommon) names. But if this is happening to me, I would wager lots of people are at risk of low-level, persistent, long-term password cracking attempts. Is there a way to report the perpetrators, or any action we can take to address this kind of danger?"
Proactively? Not really. The systems used for this are typically overseas, in countries that more or less don't care.
However, you -can- configure your server to disregard even initial connection attempts from specific ranges of IP addresses. I solved a lot of this on my own home FTP server by (sorry comrades) telling my server to ignore connection attempts from Russia and China.
Upon doing so, it went from a daily occurrence to maybe one attempt a month. Usually less.
And, if a friend ever needs to FTP in from one of these countries, it's a simple enough rule change.
There's a spot in User Info for World of Warcraft account names? Really?
The longer answer is do anything you want. I highly recommend spending a lot of time to configure an "administrator" login. Then have it take one to a fake directory with nothing important. Wait until that IP drops off the inevitable giant pile of files to be shared with other people, and then, when all the stuff is uploaded, disable it and keep the files. It seems like pretending to be there for a short while could get you many gigabytes of something. It would be like peer to peer in reverse.
It is no longer uncommon to be uncommon.
Proper security measures and changing the port is better than having only the former.
Dilbert RSS feed