Some bright spark decided to launch a dictionary attack against my two FTP servers last night, attempting 16,901 logins on each server. The only real harm done was that it generated about 5 meg of logs that logwatch dutifully emailed to me this morning and Apple Mail didn't appreciate.
Re: script kiddy scum
gav on 2004-06-10T15:18:53
I guess I could write something that looked at the logs and then used iptables to ban that IP, but that seems too much like hard work :)
Re: script kiddy scum
KM on 2004-06-11T21:44:04
Basically, a Rumpelstiltskin attack on your FTP. Have something watch the logs, and when it sees N failed logins from an IP, blackhole the IP. Search Google, you should be able to find a basic Perl script which does it with mail logs and is not hard to modify.
Or, turn off FTP and make people scp :-)
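
The log-watching approach suggested in this thread (count failed logins per IP, blackhole at N), as an added example that is not part of the original posts. The log line shape, the threshold, the allowlist and the sample lines are assumptions constructed for illustration; the script only builds the iptables commands and does not run them.

```python
import ipaddress
import re
from collections import Counter

# Assumed log line shape (constructed for this example); adapt to your FTP daemon.
FAIL_RE = re.compile(r'FAIL LOGIN: Client "([^"]+)"')

THRESHOLD = 5                                       # the "N" failed logins (hypothetical value)
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]  # never ban these (hypothetical range)


def offenders(lines, threshold=THRESHOLD, allowlist=ALLOWLIST):
    """Return the sorted IPs that have at least `threshold` failed logins."""
    counts = Counter()
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        try:
            # Parse strictly: log content is attacker-influenced, so nothing
            # that is not a valid address may reach the firewall command.
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if any(ip in net for net in allowlist):
            continue  # do not lock out your own networks
        counts[ip] += 1
    return sorted(str(ip) for ip, n in counts.items() if n >= threshold)


def ban_commands(ips):
    """Build argv lists (not executed here) that drop traffic from each IP."""
    return [["ip6tables" if ":" in ip else "iptables",
             "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]


# Constructed sample log lines, using documentation address ranges.
SAMPLE_LOG = (
    ['Thu Jun 10 03:12:01 2004 [pid 7] [admin] FAIL LOGIN: Client "203.0.113.7"'] * 6
    + ['Thu Jun 10 03:12:05 2004 [pid 8] [bob] FAIL LOGIN: Client "198.51.100.9"'] * 2
    + ['Thu Jun 10 03:13:00 2004 [pid 9] [ops] FAIL LOGIN: Client "192.0.2.10"'] * 9
    + ['Thu Jun 10 03:14:00 2004 [pid 10] [x] FAIL LOGIN: Client "1.2.3.4; reboot"'] * 9
    + ['Thu Jun 10 03:15:00 2004 [pid 11] [alice] OK LOGIN: Client "198.51.100.9"']
)

if __name__ == "__main__":
    for cmd in ban_commands(offenders(SAMPLE_LOG)):
        print(" ".join(cmd))
```

Passing the commands as argv lists (for example to `subprocess.run` without a shell) keeps a malformed log entry from ever being interpreted as shell syntax.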