FTP Hacking
- From: "Bitsmasher" <abracad@xxxxxxxxxx>
- Date: Mon, 1 Oct 2007 14:54:55 -0400
Greetings all!
As a consultant I support 6 SBS 2003 machines. A few of these need to run an
FTP server which is fine except this is an attack target since there is no
time delay after unsuccessful login attempts.
I will find EventID 529 and 100 in the Event Viewer logs after these
attempts. My research has found that it is some scum sucking hacker using a
script that tries several userids and passwords umpteen times to hack into
your FTP server. Userid Administrator is the most frequently tried. More
details on these attempts are in C:\WINDOWS\system32\LogFiles\MSFTPSVC1. I
get hit with about 10 every second for several hours at a clip, which does
not do wonders for my internet bandwidth!
Here are a few things I have done to help me sleep better at night:
1. Renamed the server's administrator account.
2. Ensured all users that have permission to FTP server have complex
passwords.
3. Went to http://blog.netnerds.net/index.php?s=banftpips.vbs and got
Chrissy LeMaire's script file - this collects and bans the IP addresses of
hacks trying to get in as administrator.
4. Disabled anonymous FTP access.
My big question: Is there any registry or policy setting or script I can use
to initiate a time delay after each unsuccessful FTP login attempt?
If anyone uses other methods to deal with this issue please reply!
Regards,
Bs.
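
A way to pull the repeat offenders out of the MSFTPSVC1 logs mentioned in the post, as an added example that is not part of the original message and is not the linked banftpips.vbs script. It counts failed PASS commands (FTP reply 530) per client IP in a sliding time window; the function name, the threshold and window values, and the sample log with its field layout are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the W3C extended layout (assumed field set; real
# logs declare theirs in the "#Fields:" line, which the parser honours).
SAMPLE_LOG = """\
#Date: 2007-10-01 18:54:55
#Fields: time c-ip cs-method cs-uri-stem sc-status sc-win32-status
18:54:55 203.0.113.5 [1]USER Administrator 331 0
18:54:55 203.0.113.5 [1]PASS - 530 1326
18:54:56 203.0.113.5 [2]USER Administrator 331 0
18:54:56 203.0.113.5 [2]PASS - 530 1326
18:54:57 203.0.113.5 [3]USER admin 331 0
18:54:57 203.0.113.5 [3]PASS - 530 1326
18:55:10 198.51.100.7 [4]USER alice 331 0
18:55:11 198.51.100.7 [4]PASS - 530 1326
18:55:20 198.51.100.7 [5]USER alice 331 0
18:55:21 198.51.100.7 [5]PASS - 230 0
"""

def find_bruteforce_ips(log_text, threshold=3, window_seconds=60):
    """Return {ip: peak failure count} for every IP with at least
    `threshold` failed PASS commands inside one sliding window."""
    fields, date = [], None
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    peak = defaultdict(int)       # ip -> most failures seen in any window
    window = timedelta(seconds=window_seconds)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#Date:"):
            date = line.split()[1]
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated line
        row = dict(zip(fields, parts))
        method = row["cs-method"].split("]")[-1].upper() if "cs-method" in row else ""
        if method != "PASS" or row.get("sc-status") != "530" or "time" not in row:
            continue  # only failed password attempts are counted
        day = row.get("date") or date or "1970-01-01"
        ts = datetime.strptime(f"{day} {row['time']}", "%Y-%m-%d %H:%M:%S")
        q = recent[row["c-ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[row["c-ip"]] = max(peak[row["c-ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}
```

Passing the text of one log file from C:\WINDOWS\system32\LogFiles\MSFTPSVC1 instead of SAMPLE_LOG gives the list of addresses to review before blocking them at the firewall or in the FTP site's IP restrictions.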