0

Looking for a module which will put a ProFTPD brute-forcing IP address into hosts.deny. Say, if the password was incorrect 3 times, ban it from the server, preventing it from trying other services.

Michael

4 Answers

7

If you're not averse to installing other tools, then you could use something like Fail2Ban.

Pratik Amin
3

Have a look at http://www.proftpd.org/docs/contrib/mod_ban.html

  MaxLoginAttempts 1

  <IfModule mod_ban.c>
    BanEngine on
    BanLog /var/log/proftpd/ban.log
    BanTable /var/data/proftpd/ban.tab

    # If the same client reaches the MaxLoginAttempts limit 2 times
    # within 10 minutes, automatically add a ban for that client that
    # will expire after one hour.
    BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00

    # Allow the FTP admin to manually add/remove bans
    BanControlsACLs all allow user ftpadm
  </IfModule>
Kyle Hudson
  • This will not block the IP address from connecting, hence there is a risk that the attacker will try to brute-force other services. That's why I was looking for some way to block his IP from connecting to the server at all. – Michael Mar 16 '11 at 16:34
  • 1
    Sorry, I misread your question. Have a look at http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/ and http://www.thebuzzmedia.com/using-fail2ban-to-prevent-brute-force-attacks/ – Kyle Hudson Mar 16 '11 at 16:41
0

iptables can do this without the need to install any additional software, or reconfigure underlying services.

Jeff Albert
  • iptables doesn't check for wrong logins in logs. fail2ban is a service which checks logs, and if it detects several wrong logins it will apply an iptables rule to lock that IP away. – NetVicious Jun 26 '23 at 12:06
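
The log-watching approach that the answers and comments above attribute to Fail2Ban, reduced to its core as an added Python example (not code from this thread, Fail2Ban or ProFTPD): count failed logins per address in a sliding window and produce hosts.deny lines. The log line layout, the sample lines, the 10-minute window and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed syslog-style layout of a ProFTPD failed-login line (adjust to your own logs).
# The address is read from the (host[ip]) connection field, not from the user-supplied part.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ proftpd\[\d+\]: \S+ "
    r"\(\S+?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\).* \(Login failed\)"
)

# Constructed sample lines (documentation addresses), not taken from a real server.
SAMPLE_LOG = """\
Mar 16 16:30:01 ftp1 proftpd[2101]: ftp1.example.test (203.0.113.5[203.0.113.5]) - USER admin (Login failed): Incorrect password.
Mar 16 16:30:04 ftp1 proftpd[2101]: ftp1.example.test (203.0.113.5[203.0.113.5]) - USER admin (Login failed): Incorrect password.
Mar 16 16:30:09 ftp1 proftpd[2103]: ftp1.example.test (198.51.100.7[198.51.100.7]) - USER michael (Login failed): Incorrect password.
Mar 16 16:30:12 ftp1 proftpd[2101]: ftp1.example.test (203.0.113.5[203.0.113.5]) - USER root (Login failed): Incorrect password.
Mar 16 16:31:00 ftp1 proftpd[2104]: ftp1.example.test (198.51.100.7[198.51.100.7]) - USER michael: Login successful.
Mar 16 16:45:00 ftp1 proftpd[2110]: ftp1.example.test (198.51.100.7[198.51.100.7]) - USER michael (Login failed): Incorrect password.
Mar 16 16:59:00 ftp1 proftpd[2111]: ftp1.example.test (198.51.100.7[198.51.100.7]) - USER michael (Login failed): Incorrect password.
""".splitlines()

def offenders(lines, max_failures=3, window=timedelta(minutes=10), year=2011):
    """Return IPs with >= max_failures failed logins inside `window`, in the order they tripped."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = []
    for line in lines:           # lines are assumed to be in chronological order
        m = FAIL_RE.search(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that have aged out of the window
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

def hosts_deny_entries(ips):
    """Format TCP Wrappers lines that deny every wrapped service, not only FTP."""
    return [f"ALL: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(offenders(SAMPLE_LOG))))
```

hosts.deny only affects services built with TCP Wrappers support, so blocking the address from every service on the host needs a firewall rule instead.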
0

You can also try BFD which works with both APF and CSF.

See this for an example scenario.

Bourne