beansbaxter
Verified User
Every day, on every hour, I get an email from DirectAdmin saying there was a brute force attempt by a user using proftpd, for example:
The only thing that changes is the user name and the number of failed login attempts. All of these brute force messages are associated with proftpd.
New websites, built from scratch, have been put in place so I am 100% sure there are no suspicious files that consist of the website.
These user names are not users setup in DirectAdmin. I believe these were usernames that were once used for the websites, before they were moved to this DA server. And those old usernames are still being used to attempt to login.
This has been going on for months and I just want to be rid of all these attempts/emails.
Is it possible to blacklist all usernames for this specific issue?
What other options do I have?
If it matters, I'm running DA 1.42.1 on CentOS 5 with the latest CSF 5.73.
Thanks in advance!
Code:
User admin has 153 failed login attempts: proftpd1=153
The only thing that changes is the user name and the number of failed login attempts. All of these brute force messages are associated with proftpd.
New websites, built from scratch, have been put in place so I am 100% sure there are no suspicious files that consist of the website.
These user names are not users setup in DirectAdmin. I believe these were usernames that were once used for the websites, before they were moved to this DA server. And those old usernames are still being used to attempt to login.
This has been going on for months and I just want to be rid of all these attempts/emails.
Is it possible to blacklist all usernames for this specific issue?
What other options do I have?
If it matters, I'm running DA 1.42.1 on CentOS 5 with the latest CSF 5.73.
Thanks in advance!