I am suggesting to enable mod_ban ( http://www.castaglia.org/proftpd/modules/mod_ban.html ) on proftpd for controlling the Brutal Attack which is coming through FTP.
It is just and update of the RPM for proftpd. Can you please give me your idea about that ?
Agree… I had constant FTP attacks, and the new proftpd with built in mod_ban stops them cold. With proftpd 1.32 pr newer just select the mod_ban compile option and then add this or something like it to the proftpd config file:
BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00
I would propose to Joe something like this be the default.
[edit: this was a FREEBSD & VMPro install via install script. Update all the ports first before install.sh . Make sure all directories exist and are writeable by proftpd]<br><br>Post edited by: SteveAcup, at: 2008/11/16 14:44
Debian etch does not have mod_ban – only a few distros actually have this module so in the end Joe/Jamie would have to support this in there own repo’s. It’s a great mod and I use it for my mandriva desktop. Shame that debian has failed to include this.
I’d prefer the default be not using FTP, at all. SSH has an excellent FTP protocol, which most FTP clients support, and the security history of OpenSSH is excellent.
I’ll look into mod_ban…but I won’t make any promises. As Scott mentioned, if it isn’t a standard module, it requires a serious investment of resources to create and maintain the packages.
I wouldn’t bother with it – researching for any debian packages comes up with nothing except for a 1 old version of proftpd and mod_ban… 1.2.1 and .4.5 so its not worth it unless you do a complete rebuild for debian etch.
As I can see you are already building your own package for CentOS proftpd, not default package ( mine is proftpd-1.2.10-9.vm ) . For sure it should be easy to just include the mod_ban compile time enviroment to the spec file and that’s all. As steve mentioned it is already included in the new version of proftpd.
Ping on this topic: Any further consideration of adding this or at least updating the vm version of proftpd to V1.3.2 ?
For banning, you might be better off using a tool that monitors either PAM, or log messages, and sets a system-wide ban rather than just on FTP. Both because it’s more secure, and because ProFTP’s mod_ban module is non-standard, making it difficult to maintain
As far as the ProFTP version, if you want to see them use a newer version, I’d recommend filing a request in the support tracker using the Support link above.