Re: he hammer mine ftp-server how can i block that ip

From: David (thunderbolt01_at_netscape.net)
Date: 11/22/03


Date: Sat, 22 Nov 2003 21:49:26 GMT

volkman wrote:
>
> I use proftpd for mine ftp-server.
> but there is a lot of users that hammer mine server so
> i will that iptable automatic block that ip
> example: have he 3 time login in about 30 sec than drop iptable that ip
> is there someone where i can find info about that?
> or know how to do that?

Some of it may be the same host connecting multiple times. If
that is what is happening you can limit them to just one
connection by adding the lines below to /etc/profile.conf and
restarting proftpd.

   # Limit number of logins by host.
   MaxClientsPerHost 1

With this set it will "refuse" multiple connections from the same
host but still allow a single connection from the host.

-- 
Confucius:  He who play in root, eventually kill tree.
Registered with The Linux Counter.  http://counter.li.org/
Slackware 9.1.0 Kernel 2.4.22 SMP i686 (GCC) 3.3.2
Uptime: 14:54, 1 user, load average: 0.69, 0.40, 0.43


Relevant Pages

  • Re: he hammer mine ftp-server how can i block that ip
    ... > I use proftpd for mine ftp-server. ... Some of it may be the same host connecting multiple times. ... host but still allow a single connection from the host. ...
    (comp.os.linux.networking)
  • Re: he hammer mine ftp-server how can i block that ip
    ... > I use proftpd for mine ftp-server. ... Some of it may be the same host connecting multiple times. ... host but still allow a single connection from the host. ...
    (alt.os.linux.suse)
  • understanding chkrootkit: sshd section
    ... Rhosts Authentication disabled, originating port will not be trusted. ... Secure connection to %.100s on port %hu refused%.100s. ... Warning: Remote host refused compression. ... Received RSA challenge from server. ...
    (comp.os.linux.security)
  • understanding chkrootkit: sshd section
    ... Rhosts Authentication disabled, originating port will not be trusted. ... Secure connection to %.100s on port %hu refused%.100s. ... Warning: Remote host refused compression. ... Received RSA challenge from server. ...
    (comp.security.unix)
  • Re: ICS and FS trouble
    ... >>>client for ms networks, service advertising protocol, file and printer ... >>>execept that the MS beta AntiSpyware connects to the internet and recognises ... >> Microsoft doesn't support changing the ICS host computer's LAN ... >> Internet connection has a 192.168.0.x address that can't be changed to ...
    (microsoft.public.windowsxp.network_web)