[olug] more secure FTP server?

Lou Duchez lou at paprikash.com
Tue Aug 13 02:07:28 UTC 2013

... I think maybe I spoke too soon -- VSFTPD seems to do a fine job of 
logging when I test it myself.  I had assumed it was a brute-force 
attack because the IP that the hack originated from is in Bavaria, but 
as far as I can tell, a brute-force attack would have been logged and 
Fail2Ban would have shut that down (that's what happened when I tested 
it myself).

Malware on a user machine?  Packet sniffer?  All I can do is talk to end 
users, change the passwords, and try to lock the FTP down by IP.

> So one of my Web sites got hacked via FTP.  Looking into it, here is 
> the problem.  I am running VSFTPD, and I am also running Fail2Ban to 
> monitor the VSFTPD log and detect failed login attempts.  It's a good 
> system.  It's a nearly flawless system.  The one flaw in this is, 
> apparently, VSFTPD doesn't bother to write much of anything to the 
> log(s) when there are errant login attempts, so Fail2Ban doesn't have 
> anything to work with.
> Does anyone know how to make VSFTPD more talkative in the case of 
> failed logins?  Or can anyone recommend a better FTP server, one that 
> bothers to log these things properly?
> I realize that there are other measures I can take too, such as 
> limiting the IPs, changing the port, and not using FTP except when 
> nothing else will do.  And I'm looking into that.  but I'd also like 
> to be running a good FTP server.
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug

More information about the OLUG mailing list