[olug] more secure FTP server?

Lou Duchez lou at paprikash.com
Tue Aug 13 01:35:18 UTC 2013

So one of my Web sites got hacked via FTP.  Looking into it, here is the 
problem.  I am running VSFTPD, and I am also running Fail2Ban to monitor 
the VSFTPD log and detect failed login attempts.  It's a good system.  
It's a nearly flawless system.  The one flaw in this is, apparently, 
VSFTPD doesn't bother to write much of anything to the log(s) when there 
are errant login attempts, so Fail2Ban doesn't have anything to work with.

Does anyone know how to make VSFTPD more talkative in the case of failed 
logins?  Or can anyone recommend a better FTP server, one that bothers 
to log these things properly?

I realize that there are other measures I can take too, such as limiting 
the IPs, changing the port, and not using FTP except when nothing else 
will do.  And I'm looking into that.  but I'd also like to be running a 
good FTP server.

More information about the OLUG mailing list