I'm seeing a BUNCH of distributed FTP attacks - they started a few weeks ago - for a time I disabled FTP - then I re-enabled it and now they are back
They are attempting to log in using ADMIN and USER accounts - which of course don't exist
They may be referring to default Windows accounts, not sure, but they don't exist on cPanel Linux servers
I'm wondering if it's possible to block IPs as soon as they start attempting to access these accounts
That may save some resources and cut them off sooner ... What do you think?
distributed FTP attacks - can LFD be set to block on acct?
-
- Junior Member
- Posts: 115
- Joined: 18 Dec 2006, 01:55
-
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: distributed FTP attacks - can LFD be set to block on acc
We've suffered similar attacks recently. As we are in the UK and so are our hosting clients, we used the CC_ALLOW_PORTS feature on our hosting servers and restricted access to only the UK for port 21 and removed it from the TCP_IN list. This resulted in a period of sustained blocks after which they went away and things settled down overnight. We'll lift the restrictions again once we're sure it's gone.
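The following check is an added example, not part of the original post or of CSF itself. It verifies the two conditions the post describes for restricting FTP by country: port 21 is listed for the country allow feature and is no longer in TCP_IN. It assumes the ports are listed in the csf.conf setting CC_ALLOW_PORTS_TCP; the sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample csf.conf fragment (not taken from the thread).
SAMPLE_CONF = '''
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,443,30000:35000"
CC_ALLOW_PORTS = "GB"
CC_ALLOW_PORTS_TCP = "21"
'''

def parse_conf(text):
    """Return {KEY: value} for uncommented lines of the form KEY = "value"."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def port_in_list(port, spec):
    """True if port appears in a comma list that may hold low:high ranges."""
    for item in filter(None, (p.strip() for p in spec.split(","))):
        low, _, high = item.partition(":")
        if int(low) <= port <= int(high or low):
            return True
    return False

def check_country_restriction(text, port=21):
    """Return the problems that stop `port` from being country-restricted."""
    conf = parse_conf(text)
    problems = []
    if not conf.get("CC_ALLOW_PORTS", "").strip():
        problems.append("CC_ALLOW_PORTS lists no country codes")
    if not port_in_list(port, conf.get("CC_ALLOW_PORTS_TCP", "")):
        problems.append(f"port {port} missing from CC_ALLOW_PORTS_TCP")
    if port_in_list(port, conf.get("TCP_IN", "")):
        problems.append(f"port {port} still in TCP_IN, so it is open to all countries")
    return problems

if __name__ == "__main__":
    for problem in check_country_restriction(SAMPLE_CONF):
        print("WARNING:", problem)
```

Run against the constructed sample, it reports that port 21 is still in TCP_IN, which is the step the post says to undo by removing the port from that list.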
-
- Junior Member
- Posts: 115
- Joined: 18 Dec 2006, 01:55
Re: distributed FTP attacks - can LFD be set to block on acc
EXCELLENT !!
You rock !!
Just like you, all my FTP customers will be in the US - this is a great solution and there should only be limited reasons, if any, to ever remove it in my case
My only worry is in 2 years, if it's blocking something, will I remember what I did and why ... ;-)
Maybe add a change notes field to CSF ;-)
Thanks
-
- Junior Member
- Posts: 115
- Joined: 18 Dec 2006, 01:55
Re: distributed FTP attacks - can LFD be set to block on acc
OK, I've screwed something up
Since I made this change CSF won't restart
iptables: Unknown error 4294967295
CC_ALLOWP all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
Error: Error processing command for line [1660] (6 times): [iptables: Unknown error 4294967295], at line 1660
-
- Junior Member
- Posts: 115
- Joined: 18 Dec 2006, 01:55
Re: distributed FTP attacks - can LFD be set to block on acc
Undoing yesterday's changes fixed the iptables error
but now I'm seeing
"Jun 26 16:04:27 entropy kernel: allocation failed: out of vmalloc space - use vmalloc=<size> to increase size."
Which also appears to be related to iptables