Attack thwarted by bfd

#1 09-21-2005, 08:09 PM

bfd just notifed me that somebody was trying to get into my VPS using ftp, and failed numerous times. bfd locked that person out:

The following are event logs for 31 login failures from 87.123.12.134 on service pure-ftpd (all time stamps are GMT -0400):
----
- Executed actions:
/etc/apf/apf -d 87.123.12.134 {bfd.pure-ftpd}

Just FYI, in case this person will try to get at other VPSs here.

elix · #2 09-21-2005, 08:17 PM

Added to my deny list =)

BornOnline · #3 09-21-2005, 11:10 PM

Well.. imagine that... lol

The following are event logs for 11 login failures from 87.123.12.134 on service pure-ftpd
----
- Executed actions:
/etc/apf/apf -d 87.123.12.134 {bfd.pure-ftpd

#4 09-22-2005, 01:08 AM

I don't know about you guys but I get anywhere from 10-25 notifications from BFD about attacks everyday. Some are minor (10-500 attempts) but every now and then I'll get a 4,000 plus attempt which is obviously a script kiddie.

#5 09-22-2005, 02:36 AM

I get between 10-15 a week but it is sadly increasing. So far from what I see from the logs they are nothing but script kiddies.

KARanden · #6 09-22-2005, 03:14 AM

Quote:

Originally Posted by mikelbeck

bfd just notifed me that somebody was trying to get into my VPS using ftp, and failed numerous times. bfd locked that person out:

The following are event logs for 31 login failures from 87.123.12.134 on service pure-ftpd (all time stamps are GMT -0400):
----
- Executed actions:
/etc/apf/apf -d 87.123.12.134 {bfd.pure-ftpd}

Just FYI, in case this person will try to get at other VPSs here.

The same IP tried to get in to mine VPS also, with no luck

The IP belongs to Versatel in Germany.

Tony · #7 09-22-2005, 08:16 AM

Changing your SSH port to something none-default will cut down on all but the most serious of folks. =)

Zaf · #8 09-22-2005, 08:32 AM

Quote:

Originally Posted by ozgreg

I get between 10-15 a week but it is sadly increasing. So far from what I see from the logs they are nothing but script kiddies.

I've never received any notification yet till date. Maybe, there wasnt an attack, or maybe I should be more worried than you guys???? which log file should i check to know of these attacks?

#9 09-22-2005, 09:22 AM

Quote:

Originally Posted by Tony

Changing your SSH port to something none-default will cut down on all but the most serious of folks. =)

That's one of the first things I do when setting up a new VPS.

These login failures were coming in via FTP.

#10 09-22-2005, 04:51 PM

Quote:

Originally Posted by Shahzada

I've never received any notification yet till date. Maybe, there wasnt an attack, or maybe I should be more worried than you guys???? which log file should i check to know of these attacks?

Make sure your BFD email address is correct or if you have not already install logwatch as you also get notifications of BFD attacks in it's summary as well..