Ftp bruteforce

kanary

I got a problem on a few servers of mine.

There is a bruteforce hacker that probably tries to do a brute force on my FTP accounts.

And when he gets access he always inserts some code in index.php or index.html, always after the body tag of the HTML code.

The code that he inserts is encoded (in JavaScript), but if I decode it, it contains an IP where it sends some info to.

But what the code does is that it tries to open Outlook.

Firefox and Internet Explorer have protected against this with the yellow bar at the top of the website that appears when you try to execute an ActiveX element.


What's the best way to prevent this?
 
Yeah... but is the rule in BFD for proftpd actually working...?
I have APF and BFD running and it does ban IPs of machines trying to brute force ssh, but it does not seem to ban proftpd pass brute force attempts....

I just stopped my proftpd :) for now.... and logging in thru SFTP thru SSH...
but I have to figure out soon what is wrong with that rule.... or what else might be causing it?
:rolleyes:
 
I currently run denyhosts to stop ssh bruteforce attacks; it has been effective so far. However, I have begun to notice a lot of FTP login attempts in my server's logs.

I have found an app called fail2ban which helps block repeated brute force login attempts. I am yet to implement it, but you might want to take a look.

www.fail2ban.org
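
The general idea behind blocking repeated failed FTP logins, as an added example (not part of the original post, and not fail2ban's or BFD's own code): count failures per source IP inside a time window and flag the IP once a threshold is reached. The log lines are constructed in ProFTPD's syslog style; the function name, thresholds and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in ProFTPD's syslog style (documentation-range IPs).
SAMPLE_LOG = """\
Jun 10 02:00:00 web1 proftpd[4001]: web1 (192.0.2.77[192.0.2.77]) - USER site1 (Login failed): Incorrect password.
Jun 10 02:20:00 web1 proftpd[4050]: web1 (192.0.2.77[192.0.2.77]) - USER site1 (Login failed): Incorrect password.
Jun 10 02:40:00 web1 proftpd[4090]: web1 (192.0.2.77[192.0.2.77]) - USER site1 (Login failed): Incorrect password.
Jun 10 03:14:01 web1 proftpd[4121]: web1 (203.0.113.9[203.0.113.9]) - USER admin: no such user found from 203.0.113.9 [203.0.113.9] to 198.51.100.10:21
Jun 10 03:14:03 web1 proftpd[4122]: web1 (203.0.113.9[203.0.113.9]) - USER test: no such user found from 203.0.113.9 [203.0.113.9] to 198.51.100.10:21
Jun 10 03:14:06 web1 proftpd[4123]: web1 (203.0.113.9[203.0.113.9]) - USER site1 (Login failed): Incorrect password.
Jun 10 03:15:10 web1 proftpd[4130]: web1 (198.51.100.23[198.51.100.23]) - USER site2 (Login failed): Incorrect password.
Jun 10 03:15:20 web1 proftpd[4130]: web1 (198.51.100.23[198.51.100.23]) - USER site2: Login successful.
"""

# Matches the two failure messages: unknown user and wrong password.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ proftpd\[\d+\]:? \S+ "
    r"\(\S+\[(?P<ip>[0-9a-fA-F.:]+)\]\)[: -]+USER (?P<user>\S+?)"
    r"(?:: no such user found| \(Login failed\))"
)

def find_offenders(lines, max_retry=5, find_time_s=600, year=2024):
    """Return {ip: time the threshold was reached} for time-ordered log lines.

    Syslog timestamps carry no year, so `year` is an assumed parameter.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # successes and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Drop failures that fell out of the sliding window.
        while (ts - window[0]).total_seconds() > find_time_s:
            window.popleft()
        if len(window) >= max_retry and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines(), max_retry=3).items():
        print(f"{ip} reached the failure threshold at {when}")
```

With the window at ten minutes, the slow guesser at 192.0.2.77 stays under the threshold, which is why the window length matters as much as the retry count.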
 
..so why does my FTP rule in APF+BFD (the default one) for FTP brute force attacks not work for me....?

ideas?

PS:
Jlasman.... take a look at the last comment at the page http://www.webhostgear.com/60.html :) haha
 
m4ri00sh, I don't get your point. If APF+BFD doesn't work as it's supposed to, the right place to ask about it would be the author and his support forums.

Jeff
 