Koozali.org: home of the SME Server

Obsolete Releases => SME Server 8.x => Topic started by: mgb on April 25, 2012, 07:34:49 AM

Title: Is it possible To close access to specific IP FTP
Post by: mgb on April 25, 2012, 07:34:49 AM

Is it possible To close access to specific IP FTP
 I have a hacking attempts through FTP
deny ip port ftp  *.*.*.*
hosts .deny

 Thank you

Title: Re: Is it possible To close access to specific IP FTP
Post by: chris burnat on April 25, 2012, 08:10:06 AM

Quote from: mgb on April 25, 2012, 07:34:49 AM

Is it possible To close access to specific IP FTP
 I have a hacking attempts through FTP
deny ip port ftp  *.*.*.*
hosts .deny

 Thank you

Trying to block a specific IP is a waste of time.  Do not use FTP, it is (very) unsafe.  Use SFTP instead.  Check the Forums, there should be many posts about this topic.  There are a few free clients to install on your PC, Filezilla is a good choice with versions for Linux and Windows.

Title: Re: Is it possible To close access to specific IP FTP
Post by: janet on April 25, 2012, 01:17:52 PM

mgb

Please read the FAQ
http://wiki.contribs.org/SME_Server:Documentation:FAQ#Firewall

Title: Re: Is it possible To close access to specific IP FTP
Post by: mgb on April 25, 2012, 03:17:33 PM

is not work
 config setprop manta DenyHosts 1.2.3.4
signal-event remoteaccess-update

log*1000000
16:07:27 server proftpd[12378]: 10.72.8.1 (1.2.3.4[1.2.3.4]) - FTP session opened.
Apr 25 16:07:27 server proftpd[12378]: 10.72.8.1 (1.2.3.4[1.2.3.4]) - FTP session closed.
Apr 25 16:08:27 server proftpd[12398]: 10.72.8.1 (1.2.3.4[1.2.3.4])  - FTP session opened.
Apr 25 16:08:27 server proftpd[12398]: 10.72.8.1 (1.2.3.4[1.2.3.4])  - FTP session closed.

 

Title: Re: Is it possible To close access to specific IP FTP
Post by: janet on April 25, 2012, 03:27:21 PM

mgb

Quote

is not work
 config setprop manta DenyHosts 1.2.3.4

I am sure the command you used will not work.
You must replace manta with the service you want to affect ie ftp
You replace 1.2.3.4 with the IP you are blocking ie 66.421.38.7
eg
config setprop ftp DenyHosts 66.421.38.7

Title: Re: Is it possible To close access to specific IP FTP
Post by: mgb on April 25, 2012, 03:51:05 PM

config setprop ftp DenyHosts 1.2.3.4
signal-event remoteaccess-update

is work

Title: Re: Is it possible To close access to specific IP FTP
Post by: CharlieBrady on April 26, 2012, 05:04:13 AM

Quote from: chris burnat on April 25, 2012, 08:10:06 AM

Trying to block a specific IP is a waste of time.  Do not use FTP, it is (very) unsafe.

I agree on both counts. mgb says "is work" - but for how long?

Title: Re: Is it possible To close access to specific IP FTP
Post by: janet on April 26, 2012, 05:39:57 AM

mgb

Quote

mgb says "is work" - but for how long?

Yes I agree too with Chris & Charlie, the fix is only temporary until the hackers try from another IP.
mgb, you will only be kept busy entering "blocking rules" over and over as different IP's are used.
You are far better to implement & use ONLY secure protocols ie sftp, Public Private keys for ssh and so on, that provide full security and do not need to be "looked after".

Title: Re: Is it possible To close access to specific IP FTP
Post by: calisun on April 29, 2012, 11:31:57 PM

Try this contrib, works great for me:
http://wiki.contribs.org/Denyhosts (http://wiki.contribs.org/Denyhosts)

Title: Re: Is it possible To close access to specific IP FTP
Post by: chris burnat on April 30, 2012, 12:48:31 AM

Quote from: calisun on April 29, 2012, 11:31:57 PM

Try this contrib, works great for me:
http://wiki.contribs.org/Denyhosts (http://wiki.contribs.org/Denyhosts)

This contrib deals with SSH logon attempt, not FTP.
Nothing to do with topic.

Title: Re: Is it possible To close access to specific IP FTP
Post by: calisun on May 02, 2012, 09:34:30 AM

If you disable ftp and only allow sftp, will this plugin not catch catch fake sftp attempts?