Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: FTP Server Honeypots?

Posted by timothy on from the said-the-spider-to-the-vandal dept.

An anonymous reader writes "I run an FTP server for a few dozen people, and it seems like every week I have a random IP address connect to my box and try guessing 'Administrator' passwords once every five seconds or so. This poses no real risk to me, since all my accounts have custom (uncommon) names. But if this is happening to me, I would wager lots of people are at risk of low level, persistent, long term password cracking attempts. Is there a way to report the perpetrators, or any action we can take to address this kind of danger?"

3 of 298 comments (clear)

  1. rate limit incoming connections based on IP by Shakrai · · Score: 5, Informative

    Easier than banning every overseas IP, IMHO anyway. This is what I do for SSH:

    # Allow SSH with a rate limit
    iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -m hashlimit --hashlimit 15/hour --hashlimit-burst 3 --hashlimit-htable-expire 600000 --hashlimit-mode srcip --hashlimit-name ssh -j ACCEPT
    iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -j LOG --log-prefix "[DROPPED SSH]: "
    iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -j DROP

    There may be a more eloquent way to do this but it gets the job done.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  2. Re:ftp sends passwords in cleartext; sftp+denyhost by alostpacket · · Score: 5, Funny

    That would be like retrofitting a tricycle to make it supersonic.

    So you're saying it would be totally awesome?

    --
    PocketPermissions Android Permission Guide
  3. Re:The longer answer. by diodeus · · Score: 5, Funny

    Years ago we found our FTP server was full. It was hacked and contained all kinds of movies and xbox games. We just happened to like movies and xbox games, so we gave it a bit more space.