CSF not blocking mass FTP attacks

Post Reply
ryankrizan
Junior Member
Posts: 1
Joined: 15 Oct 2013, 16:35

CSF not blocking mass FTP attacks

Post by ryankrizan »

I've noticed lately I'm getting a lot of attacks via FTP. I've checked the CSF configuration, and I've found this:

FTPD_LOG = "/var/log/secure" (restricted UI item)

Obviously, this can't be right, because /var/log/secure doesn't exist. Should I change this value to /var/log/proftpd/auth.log?

I'm using DirectAdmin for a control panel. It's unknown to me if DA uses a different log file format.

There is not /var/log/proftpd/proftpd.conf, the access.conf is empty. Also, nothing in /var/log/messages for proftp errors.
voytek
Junior Member
Posts: 3
Joined: 24 Sep 2013, 10:58

Re: CSF not blocking mass FTP attacks

Post by voytek »

you should change it to wherever your ftpd logs authentication failures
if not sure, do a failed ftp access, and see where it logs
Post Reply