Hello,
it will be really nice if we could detect massive pure-ftpd non TLS connection, yesterday i had log file of about 25k login attempts trying to login using non TLS connection which i disallow, is there any chance that you may make a an option to track those messages and block the ips if they exceed certain number of error messages such as 20.
those are the messages im talking about
Feb 14 11:30:52 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:30:58 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:03 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:05 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:07 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:08 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:10 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:12 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Thank you.
pure-ftpd login attempts cleartext
-
- Junior Member
- Posts: 3
- Joined: 06 Nov 2012, 22:13
Re: pure-ftpd login attempts cleartext
I would appreciate some help with this problem also. I had an attack that started Mar 13 14:00:04 and ended 14:59:59
logged: Log Scanner Report for 16:00, (lines:11795)
Could anyone point me to a solution that would catch this?
Thanks
logged: Log Scanner Report for 16:00, (lines:11795)
Could anyone point me to a solution that would catch this?
Thanks
-
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: pure-ftpd login attempts cleartext
You would have to write a custom regex to catch this as it is not a format that csf detects, using /etc/csf/regex.custom.pm
-
- Junior Member
- Posts: 3
- Joined: 06 Nov 2012, 22:13