Ban an IP after *** login attempts

[blaszlo]

Hey guys,

I keep getting people trying to brute-force their way into one of my servers via proftpd... Now, I'm not too concerned about them gaining access, but it's becoming a huge thorn in my side and it bothers me because they are allowed about 25,000 attempts before their IP is banned. How do I make it so their IP is banned after... say... 50 failed attempts? Any help would be appreciated! And while we're on the topic, is there any other type of security I could put in place on my servers for not only ftp but other attacks as well? Thanks guys!

 

[littleoak]

You may want to use CSF and LFD on your server. LFD will handle the bans for you.

 

[blaszlo]

Okay, is there some documentation on LFD that I can read up on? Where do I get it?

 

[proHSP]

csf+lfd documentation and downloads are on configserver.com

 

[blaszlo]

Thanks! Any more help/suggestions would be appreciated.

 

[nobaloney]

We use, and can install, APT+BFD.

Jeff

 

[Dravu]

We use, and can install, APT+BFD.

Jeff

I also use APF+BFD and it works very nice.

 

[blaszlo]

BFD is brute force detection right? I've heard of it and I think I'll give it a try... Thanks!

 

[nobaloney]

Yep. APF+BFD is:

Advanced Policy Firewall + Brute Force Detection

Jeff

 

[xciso]

Yep. APF+BFD is:

Advanced Policy Firewall + Brute Force Detection

Jeff

How can I install this?
The easy way plz

 

[smtalk]

http://directadmin.com/forum/showthread.php?t=14500 just use "cd apf-*" instead of "cd apf-0.*".