I have many servers with public facing ftp and fail2ban banning bad IP's too. None of this required making the ftp server config that strange. I guess it's fine if you're one of the cool kids who know the secret handshake, but really it just makes all those links in all those web pages into broken links. IE, you click on them, and get an error instead of a text document explaining something about a floppy drive.
-- bkw On Mon, Apr 23, 2018 at 1:44 PM, Gregory McGill <[email protected]> wrote: > Yep me too, but I did set up a firewall on the BBS that blocks the 'bad > countries' that most of the attacks come from.. > port 23 open is way too exciting to the morons.. > > Greg > > On Mon, Apr 23, 2018 at 10:22 AM, Josh Malone <[email protected]> > wrote: > >> Okay - thanks. >> >> >> > The new FTP server was in response to the constant barrages of bots >> trying >> > to break into the server via insecure known FTP exploits. Not that they >> > could have done any damage since everything from the public site is >> > read-only, it was quite annoying. Sometimes we'd see 20-30,000 failed >> logins >> > a day with all sorts of dictionary attacks. Now, if any IP fails >> logging in >> > 5 times it's banned. >> >> I've grown accustomed to just ignoring failed logins - if you're on >> the internet, expect them at the rate of about 1E42 every second. :) >> >> -Josh >> > > -- bkw
