
Somebody is trying to brute force my FTP server. What should I do?

Leros

Lifer
Somebody is repeatedly trying to log in to my FTP server. There are about two attempts every second.

The IP is 200.119.223.247. I did a reverse lookup and it's coming from Uruguay.

What should I do?
 
Originally posted by: AgaBoogaBoo
Block the IP? 😛


He is on my deny list, but the attempted login is still showing up every half second.

He isn't using any of my bandwidth, but my FTP program is using 80% of my CPU.
 
Originally posted by: Leros
Somebody is repeatedly trying to log in to my FTP server. There are about two attempts every second.

The IP is 200.119.223.247. I did a reverse lookup and it's coming from Uruguay.

What should I do?



There is another site that I visit pretty frequently who was hacked twice just recently. Looked Russian or something with a weird name, and then the hacker's signature disappeared. That is the first time I have actually seen anything like that. Wow, I knew there were sites to look up IP locations, did not know you might possibly be able to do a reverse lookup. Hmmmm... I learn something new every day here.
 
I blocked off the IP at the router. Should I do anything about this guy or just ignore the hundreds of packets bouncing off my router?
 
Originally posted by: Leros
I blocked off the IP at the router. Should I do anything about this guy or just ignore the hundreds of packets bouncing off my router?

Ignore. You'll get used to the kiddies, and they will go away eventually.
 
As others have said, it's usually best to just block their IP and then ignore.

I sometimes run an nmap on them just to let them know I'm watching them.
Not too long ago a person who was trying to brute force me stuck around on undernet. I just sent him a tell that I had patched my proftpd and that he'd be chrooted with read only access and there's no chance of him causing a buffer underrun. I also told him that he will need a new IP address to try to break into my site. I also let him know that there is no "admin" account, and that root is obviously set to "su only" access (well, aside from physical console anyways). He stopped trying to get into my site.
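
Added example, not part of any post in this thread: a small log check that finds the source IPs worth putting on a deny list or router block, by counting failed FTP logins per IP in a sliding time window. The log line format, the thresholds, the addresses and the user names are all constructed for illustration; adapt the regular expression to whatever your FTP server actually writes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format (constructed for this example):
#   2024-01-01 12:00:00.500 203.0.113.7 LOGIN FAILED user=admin
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<ip>\S+) LOGIN (?P<result>FAILED|OK) user=(?P<user>\S+)$"
)

def find_brute_force(lines, max_failures=10, window=timedelta(seconds=60)):
    """Return {ip: peak failed logins seen inside any one window} for every
    IP that exceeds max_failures. Assumes lines are in time order."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "FAILED":
            continue              # skip successes and unparseable lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) > max_failures:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def sample_log():
    """Constructed sample: one source failing every 0.5 s (the rate described
    in the thread) and one ordinary user who mistypes a password once."""
    start = datetime(2024, 1, 1, 12, 0, 0)
    fmt = lambda t: t.strftime("%Y-%m-%d %H:%M:%S.%f")[:-3]
    lines = [
        f"{fmt(start + timedelta(milliseconds=500 * i))} 203.0.113.7 LOGIN FAILED user=admin"
        for i in range(40)
    ]
    lines += [
        f"{fmt(start + timedelta(seconds=5))} 198.51.100.20 LOGIN FAILED user=alice",
        f"{fmt(start + timedelta(seconds=9))} 198.51.100.20 LOGIN OK user=alice",
    ]
    return sorted(lines)          # timestamp prefix sorts chronologically

if __name__ == "__main__":
    for ip, peak in find_brute_force(sample_log()).items():
        print(f"block candidate: {ip} ({peak} failed logins within 60 s)")
```

Blocking at the router or firewall, as done in the thread, keeps the attempts from reaching the FTP daemon at all, which is what relieves the CPU load that an application-level deny list still incurs.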

 