Topic: block anon ftp or domain?

[Steven Thomson]

I continually get anon ftp logins/logouts from a french domain. I believe it is a hack attempt as my ISP just got hacked from this same domain.
Is there an easy way to either not allow anon ftp or to block an entire domain/IP range ( I don't serve anything for the public anyway) ?

[Bob Todd]

do you need the ftp server at all? If not then simply disable it in the server manager under the remote access. There you can restrict the availability of the ftp to no ftp, priv network or public access iirc. The other way would be to get into the firewall config files and edit them to block all trafffic on ftp ports from the IP's in question. You'd have to search on here for more info on how to edit the files - not something I've had any experience with.

[FredS]

or if you need a FTP server then this is a copy of the template fragment that I use


in /etc/e-smith/templates-custom/etc/proftpd.conf

I created

05MaxInstances

this contains
MaxInstances5

I also created

50AnonymousePrimary

this contains

{
#------------------------------------------------------------
# How to handle anonymous FTP logins: chroot to the primary files
# directory.
#------------------------------------------------------------
}
    User public
    Group public
    UserAlias anonymous public
    UserAlias ftp public
    AnonRequirePassword on
    UseFtpUsers on
    MaxClients 5
    DisplayLogin welcome.msg
    DisplayFirstChdir .message
   
        DenyAll
   
   
       
            DenyAll