On 29/08/06, Christopher Murtagh wrote: > On 8/28/06, Eric Dunbar wrote: > > I recently activated vsftpd on my server and I'm noticing statistics > > in the daily server report (automagically sent to root by all servers) > > that suggest someone's trying a dictionary attack (presumably) on my > > ftp server (10000+ login attempts ;-). > > > 3. How do I find out what username/passwords they're using in their > > dictionary attack? (I'd like to know what is insecure) > > I don't think this will benefit you much. You're better off making > sure that you limit the access to the machine to the accounts that > need it. Use /etc/vsftpd.user_list, which is a list of users that are > allowed ftp, you'll need to activate it in the config (see below).
In vsftpd.user_list there's a reference to another solution for blocking users. The file "/etc/vsftpd.ftpusers" contains a list of users to deny, and (as far as I can tell), it does ask for a password (unlike .user_list won't when it's DENYing users) so a potential hacker won't even be able to discover user names on the system. Now I'm down to one public user and that user has a secure password anyway (unlike some of the others... I should really get around to implementing/learning how to allow passwordless ssh and smb access specified local machines ;-). Plus, it doesn't really matter if that account is compromised since nothing personal is available through that account (though, it could be used to distribute files, I guess). Thanks to Chris and Peter-Paul _______________________________________________ yellowdog-general mailing list [email protected] http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general HINT: to Google archives, try '<keywords> site:terrasoftsolutions.com'
