MyBB Community Forums

Full Version: Fail2ban with VSFTP failure
On a VPS.
Using CentOS 6.3.
After doing a LAMP setup and installing phpMyAdmin and protecting access to it with Fail2ban using official docs from the Fail2ban website.... I've a big hole concerning FTP access as it's vulnerable to brute force attacks.
The Fail2ban docs on failregex codes for the vsftpd-iptables jail config don't seem to work. Does anyone have valid failregex codes that will make this work to ban FTP attackers?

Is there a better way? Perhaps whitelisting a specific network range in iptables for FTP and then using Fail2ban for whatever IP fails to validate within that range in case of IP spoofing?

IDEAS? Please :)
Couldn't you just use SFTP bundled with OpenSSH? If I remember correctly, SSH failures would catch those then.
Maybe.. but that's a whole lot of bloat, isn't it?
http://www.centos.org/docs/5/html/Deploy...onfig.html
Plus, using OpenSSH, the docs say to disable vsftpd.... vsftpd is pretty tiny... and pretty good I think.. it's just that it doesn't have built-in brute force detection with built-in banning. Which is what I'm wanting to make happen with Fail2ban... there are tons of useful docs for implementing Fail2ban for everything from stopping bad bots w/ TCP wrappers to using it with OpenVPN. But as far as using Fail2ban with SFTP, the docs are seriously lacking at the moment :/
Your VPS should already be running OpenSSH, otherwise you would never be able to get into it.
DOH! Didn't know that... so then what's the best way to secure the SFTP port from brute force?
Right now I'm using Fail2ban to secure a great deal of things and it seems pretty good... is there something better, or what do others use to secure their FTP or SFTP from attacks?

Edit:
Oh great.. now another issue where Fail2ban won't start or restart after reboot:
http://stackoverflow.com/questions/15605...ter-reboot
If I understand correctly, if you fail logging into SFTP, it counts as an ssh failure, which F2B should catch and block after a while. So you could very well hit two birds with one stone.
Ah, okay. It's funny how not going public with the IP and barely having the server up for a couple days that I already have had numerous repeated 10 times failed access bans that F2B caught. But now there's the problem where it won't restart after a reboot.. so I just powered down the server until I can find a solution or someone to help through TeamViewer. As far as vsftpd, you're saying uninstall it and use OpenSSH's SFTP only? Am I understanding that correctly?
Basically SFTP just creates an FTP connection through SSH. Thus you don't need to set up an FTP server because it's all handled through SSH. And, since it's hard to manage a remote server with other means, SSH should already be on there. Thus SFTP should require no setup except maybe user permissions.
Yep, so Fail2ban and vsftpd sucks in comparison to what my setup is now! Awesome, thanks for the tips!
What's your current set up?
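
An added illustration, not part of the thread and not Fail2ban's shipped filter, of the point made in the replies: a failed SFTP login is logged by sshd as an ordinary failed SSH authentication, so one SSH jail covers both. The regex is a simplified stand-in for a `failregex`, the log lines are constructed, and the `maxretry`/`findtime` values are assumed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the /var/log/secure style written by sshd.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar 25 10:00:01 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 25 10:00:04 vps sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar 25 10:00:09 vps sshd[2107]: Accepted password for deploy from 198.51.100.20 port 51515 ssh2
Mar 25 10:00:10 vps sshd[2107]: subsystem request for sftp
Mar 25 10:00:15 vps sshd[2110]: Failed password for ftpuser from 203.0.113.7 port 40131 ssh2
Mar 25 10:20:00 vps sshd[2200]: Failed password for deploy from 198.51.100.20 port 51600 ssh2
"""

# Simplified stand-in for a failregex (assumption): anchored on the sshd tag so
# other daemons' lines cannot match, with the source address captured as "host".
FAILREGEX = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2013):
    """Return hosts with >= maxretry failures inside a sliding findtime window."""
    recent = defaultdict(deque)  # host -> timestamps of failures still in window
    banned = []
    for line in log_text.splitlines():
        match = FAILREGEX.search(line)
        if not match:
            continue  # successful logins and sftp subsystem lines are ignored
        host = match.group("host")
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        hits = recent[host]
        hits.append(when)
        while when - hits[0] > findtime:
            hits.popleft()  # drop failures that fell out of the window
        if len(hits) >= maxretry and host not in banned:
            banned.append(host)
    return banned


if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```
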