Attack thwarted by bfd
mikelbeck
09-21-2005, 09:09 PM
bfd just notified me that somebody was trying to get into my VPS using ftp, and failed numerous times. bfd locked that person out:
The following are event logs for 31 login failures from 87.123.12.134 on service pure-ftpd (all time stamps are GMT -0400):
----
- Executed actions:
/etc/apf/apf -d 87.123.12.134 {bfd.pure-ftpd}
Just FYI, in case this person will try to get at other VPSs here.
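Added example, not part of the thread and not bfd's own code: a Python version of the kind of check the post above describes, counting failed pure-ftpd logins per source address and building the apf deny command in the form shown there. The syslog line layout, the threshold of 10 and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed pure-ftpd syslog layout for a failed login:
#   <date> <host> pure-ftpd: (?@<client>) [WARNING] Authentication failed for user [<name>]
FAIL_RE = re.compile(
    r"pure-ftpd: \([^@)]*@([^)]+)\) \[WARNING\] Authentication failed for user \[")
THRESHOLD = 10  # assumed trigger, not bfd's shipped value


def count_failures(lines):
    """Count failed FTP logins per source IP address."""
    counts = Counter()
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        try:
            # Only literal IPs are counted: a client field that is a resolved
            # hostname (or garbage) must never reach a firewall command.
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        counts[str(ip)] += 1
    return counts


def ban_commands(counts, threshold=THRESHOLD):
    """Build, without running, the apf deny command in the form shown in the post."""
    return [f"/etc/apf/apf -d {ip} {{bfd.pure-ftpd}}"
            for ip, n in sorted(counts.items()) if n >= threshold]


def sample_log():
    """Constructed sample: 31 failures from the thread's IP plus noise."""
    pre = "Sep 21 21:05:00 vps pure-ftpd: "
    fail = "[WARNING] Authentication failed for user [admin]"
    lines = [f"{pre}(?@87.123.12.134) {fail}" for _ in range(31)]
    lines.append(f"{pre}(?@192.0.2.10) {fail}")            # single typo, below threshold
    lines.append(f"{pre}(?@host.example) {fail}")          # hostname, skipped
    lines.append(f"{pre}(?@87.123.12.134) [INFO] Logout.")  # not a failure
    return lines


if __name__ == "__main__":
    for cmd in ban_commands(count_failures(sample_log())):
        print(cmd)
```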
BornOnline
09-22-2005, 12:10 AM
Well.. imagine that... lol
The following are event logs for 11 login failures from 87.123.12.134 on service pure-ftpd
----
- Executed actions:
/etc/apf/apf -d 87.123.12.134 {bfd.pure-ftpd
capnqwest
09-22-2005, 02:08 AM
I don't know about you guys but I get anywhere from 10-25 notifications from BFD about attacks every day. Some are minor (10-500 attempts) but every now and then I'll get a 4,000 plus attempt which is obviously a script kiddie.
ozgreg
09-22-2005, 03:36 AM
I get between 10-15 a week but it is sadly increasing. So far from what I see from the logs they are nothing but script kiddies.
KARanden
09-22-2005, 04:14 AM
bfd just notified me that somebody was trying to get into my VPS using ftp, and failed numerous times. bfd locked that person out:
The following are event logs for 31 login failures from 87.123.12.134 on service pure-ftpd (all time stamps are GMT -0400):
----
- Executed actions:
/etc/apf/apf -d 87.123.12.134 {bfd.pure-ftpd}
Just FYI, in case this person will try to get at other VPSs here.
The same IP tried to get into my VPS also, with no luck :p
The IP belongs to Versatel in Germany.
Changing your SSH port to something non-default will cut down on all but the most serious of folks. =)
I get between 10-15 a week but it is sadly increasing. So far from what I see from the logs they are nothing but script kiddies.
I've never received any notification yet till date. Maybe there wasn't an attack, or maybe I should be more worried than you guys? Which log file should I check to know of these attacks?
mikelbeck
09-22-2005, 10:22 AM
Changing your SSH port to something non-default will cut down on all but the most serious of folks. =)
That's one of the first things I do when setting up a new VPS.
These login failures were coming in via FTP.
ozgreg
09-22-2005, 05:51 PM
I've never received any notification yet till date. Maybe there wasn't an attack, or maybe I should be more worried than you guys? Which log file should I check to know of these attacks?
Make sure your BFD email address is correct or, if you have not already, install logwatch, as you also get notifications of BFD attacks in its summary as well.
canuck
09-22-2005, 08:06 PM
Whereabouts do you configure the email address in BFD?
BornOnline
09-22-2005, 08:42 PM
Should be conf.bfd
# User alert email address
EMAIL_USR="root"
canuck
09-22-2005, 09:48 PM
Thanks ... it was set to root.