distributed FTP attacks - can LFD be set to block on acct?

silver_2000
Junior Member
Posts: 115
Joined: 18 Dec 2006, 01:55

distributed FTP attacks - can LFD be set to block on acct?

Post by silver_2000 »

I'm seeing a BUNCH of distributed FTP attacks - they started a few weeks ago - for a time I disabled FTP - then I re-enabled it and now they are back

They are attempting to log in using ADMIN and USER accounts - which of course don't exist
They may be referring to default Windows accounts, not sure, but they don't exist on cPanel Linux servers

I'm wondering if it's possible to block IPs as soon as they start attempting to access these accounts

That may save some resources and cut them off sooner ... What do you think?
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: distributed FTP attacks - can LFD be set to block on acc

Post by ForumAdmin »

We've suffered similar attacks recently. As we are in the UK and so are our hosting clients, we used the CC_ALLOW_PORTS feature on our hosting servers and restricted access to only the UK for port 21 and removed it from the TCP_IN list. This resulted in a period of sustained blocks after which they went away and things settled down overnight. We'll lift the restrictions again once we're sure it's gone.
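The restriction described above only takes effect for a port that is no longer open to everyone in TCP_IN. The shell check below is an added example, not part of the thread or of CSF itself; it assumes csf.conf's `KEY = "value"` syntax and the CC_ALLOW_PORTS_TCP setting (not named in the thread), and the two sample configs, including the country code GB, are constructed.

```shell
# Audit a csf.conf: list CC_ALLOW_PORTS_TCP ports that TCP_IN still opens to everyone.

# conf_value FILE KEY -> value inside the quotes of: KEY = "value" (last match wins)
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# port_in_list PORT LIST -> returns 0 if PORT equals an entry or lies in a lo:hi range
port_in_list() {
    for _e in $(printf '%s' "$2" | tr ',' ' '); do
        case $_e in
            *:*) if [ "$1" -ge "${_e%%:*}" ] && [ "$1" -le "${_e##*:}" ]; then return 0; fi ;;
            *)   if [ "$1" = "$_e" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# cc_port_overlap FILE -> space-separated country-restricted ports still in TCP_IN
cc_port_overlap() {
    _tcp_in=$(conf_value "$1" TCP_IN)
    _cc_tcp=$(conf_value "$1" CC_ALLOW_PORTS_TCP)
    _out=""
    for _p in $(printf '%s' "$_cc_tcp" | tr ',' ' '); do
        if port_in_list "$_p" "$_tcp_in"; then _out="${_out:+$_out }$_p"; fi
    done
    printf '%s\n' "$_out"
}

# Constructed sample configs (not from the thread); GB stands in for the allowed country.
SAMPLE_BEFORE=$(mktemp); SAMPLE_AFTER=$(mktemp)
trap 'rm -f "$SAMPLE_BEFORE" "$SAMPLE_AFTER"' EXIT
cat > "$SAMPLE_BEFORE" <<'EOF'
TCP_IN = "20,21,22,25,80,443,30000:35000"
CC_ALLOW_PORTS = "GB"
CC_ALLOW_PORTS_TCP = "21,30500"
EOF
cat > "$SAMPLE_AFTER" <<'EOF'
TCP_IN = "20,22,25,80,443"
CC_ALLOW_PORTS = "GB"
CC_ALLOW_PORTS_TCP = "21"
EOF
echo "before: still open to all countries: $(cc_port_overlap "$SAMPLE_BEFORE")"
echo "after:  still open to all countries: $(cc_port_overlap "$SAMPLE_AFTER")"
```

An empty result means every country-restricted port has been removed from TCP_IN; to audit a live server, pass the path of its csf.conf to `cc_port_overlap`.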

Re: distributed FTP attacks - can LFD be set to block on acc

Post by silver_2000 »

EXCELLENT !!
You rock !!

Just like you, all my FTP customers will be in the US - this is a great solution, and there should only be limited reasons, if any, to ever remove it in my case
My only worry is, in 2 years, if it's blocking something, will I remember what I did and why ... ;-)
Maybe add a change notes field to CSF ;-)

Thanks

Re: distributed FTP attacks - can LFD be set to block on acc

Post by silver_2000 »

OK, I've screwed something up

Since I made this change, CSF won't restart

iptables: Unknown error 4294967295
CC_ALLOWP all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
Error: Error processing command for line [1660] (6 times): [iptables: Unknown error 4294967295], at line 1660

Re: distributed FTP attacks - can LFD be set to block on acc

Post by silver_2000 »

Undoing yesterday's changes fixed the iptables error,
but now I'm seeing

"Jun 26 16:04:27 entropy kernel: allocation failed: out of vmalloc space - use vmalloc=<size> to increase size."
which also appears to be related to iptables