[olug] more secure FTP server?
Lou Duchez
lou at paprikash.com
Tue Aug 13 02:07:28 UTC 2013

... I think maybe I spoke too soon -- VSFTPD seems to do a fine job of
logging when I test it myself. I had assumed it was a brute-force
attack because the IP that the hack originated from is in Bavaria, but
as far as I can tell, a brute-force attack would have been logged and
Fail2Ban would have shut that down (that's what happened when I tested
it myself).

Malware on a user machine? Packet sniffer? All I can do is talk to end
users, change the passwords, and try to lock the FTP down by IP.

> So one of my Web sites got hacked via FTP. Looking into it, here is
> the problem. I am running VSFTPD, and I am also running Fail2Ban to
> monitor the VSFTPD log and detect failed login attempts. It's a good
> system. It's a nearly flawless system. The one flaw in this is,
> apparently, VSFTPD doesn't bother to write much of anything to the
> log(s) when there are errant login attempts, so Fail2Ban doesn't have
> anything to work with.
>
> Does anyone know how to make VSFTPD more talkative in the case of
> failed logins? Or can anyone recommend a better FTP server, one that
> bothers to log these things properly?
>
> I realize that there are other measures I can take too, such as
> limiting the IPs, changing the port, and not using FTP except when
> nothing else will do. And I'm looking into that, but I'd also like
> to be running a good FTP server.
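
The distinction drawn in the message above (repeated failures that Fail2Ban would catch, versus a clean login with a password obtained some other way) can be checked directly against the vsftpd log. The following is an added example, not part of the original post: it assumes vsftpd's own log format with `OK LOGIN` / `FAIL LOGIN` lines, and the log lines and the per-user `known_ips` allowlist are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in vsftpd's own log format (not from the original post).
SAMPLE_LOG = '''\
Mon Aug 12 09:14:02 2013 [pid 4101] [alice] OK LOGIN: Client "192.0.2.10"
Mon Aug 12 21:40:11 2013 [pid 4388] [bob] FAIL LOGIN: Client "198.51.100.7"
Mon Aug 12 21:40:15 2013 [pid 4390] [bob] FAIL LOGIN: Client "198.51.100.7"
Mon Aug 12 21:40:19 2013 [pid 4392] [bob] FAIL LOGIN: Client "198.51.100.7"
Tue Aug 13 01:55:40 2013 [pid 4710] [alice] OK LOGIN: Client "203.0.113.99"
Tue Aug 13 08:02:33 2013 [pid 4822] [alice] OK LOGIN: Client "192.0.2.10"
'''

LOGIN_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: '
    r'Client "(?P<ip>[^"]+)"')

def analyze(log_text, known_ips, fail_threshold=3):
    """Return (brute_force_ips, suspicious_logins).

    brute_force_ips: clients with at least fail_threshold failed logins,
    the pattern Fail2Ban acts on.
    suspicious_logins: (user, ip) successes from an address outside the
    user's known set with no failure recorded before it, which points at
    a stolen password rather than guessing.
    """
    fails = defaultdict(int)
    suspicious = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # transfer records and other lines are ignored
        user, ip = m.group("user"), m.group("ip")
        if m.group("result") == "FAIL":
            fails[ip] += 1
        elif ip not in known_ips.get(user, set()) and fails[ip] == 0:
            suspicious.append((user, ip))
    brute = sorted(ip for ip, n in fails.items() if n >= fail_threshold)
    return brute, suspicious

if __name__ == "__main__":
    # Hypothetical allowlist of addresses each user normally connects from.
    known = {"alice": {"192.0.2.10"}, "bob": {"192.0.2.20"}}
    print(analyze(SAMPLE_LOG, known))
```

On the constructed sample, the three failures from one address show up as brute force, while the single off-hours success for `alice` from an unfamiliar address is reported separately even though it generated no failed attempts.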