he hammer mine ftp-server how can i block that ip

hi

I use proftpd for mine ftp-server.
but there is a lot of users that hammer mine server so
i will that iptable automatic block that ip
example: have he 3 time login in about 30 sec than drop iptable that ip
is there someone where i can find info about that?
or know how to do that?

thnks anyway
volkman

volkman wrote:
>
> I use proftpd for mine ftp-server.
> but there is a lot of users that hammer mine server so
> i will that iptable automatic block that ip
> example: have he 3 time login in about 30 sec than drop iptable that ip
> is there someone where i can find info about that?
> or know how to do that?

Some of it may be the same host connecting multiple times. If
that is what is happening you can limit them to just one
connection by adding the lines below to /etc/profile.conf and
restarting proftpd.

# Limit number of logins by host.
MaxClientsPerHost 1

With this set it will "refuse" multiple connections from the same
host but still allow a single connection from the host.

--
Confucius: He who play in root, eventually kill tree.
Registered with The Linux Counter. http://counter.li.org/
Slackware 9.1.0 Kernel 2.4.22 SMP i686 (GCC) 3.3.2
Uptime: 14:54, 1 user, load average: 0.69, 0.40, 0.43

David wrote:
>
> Some of it may be the same host connecting multiple times. If that is
> what is happening you can limit them to just one connection by adding
> the lines below to /etc/profile.conf and restarting proftpd.

Ooops!! That should be /etc/proftpd.conf NOT /etc/profile.conf
had my mind on the right file but my fingers on something else.

--
Confucius: He who play in root, eventually kill tree.
Registered with The Linux Counter. http://counter.li.org/
Slackware 9.1.0 Kernel 2.4.22 SMP i686 (GCC) 3.3.2
Uptime: 15:54, 2 users, load average: 0.09, 0.08, 0.07

David wrote:

> David wrote:
>>
>> Some of it may be the same host connecting multiple times. If that is
>> what is happening you can limit them to just one connection by adding
>> the lines below to /etc/profile.conf and restarting proftpd.
>
> Ooops!! That should be /etc/proftpd.conf NOT /etc/profile.conf
> had my mind on the right file but my fingers on something else.
>

That came make you blind you know

--
Mark
Twixt hill and high water.
N.Wales, UK.
Email is spam trap try baskitcaise at gmx dot co dot uk

"David" <(E-Mail Removed)> schreef in bericht
news:FRQvb.210560$ao4.749617@attbi_s51...
> volkman wrote:
> >
> > I use proftpd for mine ftp-server.
> > but there is a lot of users that hammer mine server so
> > i will that iptable automatic block that ip
> > example: have he 3 time login in about 30 sec than drop iptable that ip
> > is there someone where i can find info about that?
> > or know how to do that?
>
> Some of it may be the same host connecting multiple times. If
> that is what is happening you can limit them to just one
> connection by adding the lines below to /etc/profile.conf and
> restarting proftpd.
>
> # Limit number of logins by host.
> MaxClientsPerHost 1
>
> With this set it will "refuse" multiple connections from the same
> host but still allow a single connection from the host.
>
> --
> Confucius: He who play in root, eventually kill tree.
> Registered with The Linux Counter. http://counter.li.org/
> Slackware 9.1.0 Kernel 2.4.22 SMP i686 (GCC) 3.3.2
> Uptime: 14:54, 1 user, load average: 0.69, 0.40, 0.43


yea, i know that command
but when the server is full than try the users login
sometime 120 times in 10 sec
that do slow me bandwitch a lot
so is there other way do block that ip?

vw

volkman wrote:
>
> yea, i know that command
> but when the server is full than try the users login
> sometime 120 times in 10 sec
> that do slow me bandwitch a lot
> so is there other way do block that ip?

I had the same thing happening so I set MaxClientsPerHost so that
only one connection is allowed. The connections are probably from
an FTP client like Gozilla or one of the other windows clients.

If you want to block them permanently just setup a BLOCKED_HOSTS
rule in your firewall and add the IP to the BLOCKED_HOSTS file.
But that may not do much good if they get a new IP every time
they connect to their ISP.

--
Confucius: He who play in root, eventually kill tree.
Registered with The Linux Counter. http://counter.li.org/
Slackware 9.1.0 Kernel 2.4.22 SMP i686 (GCC) 3.3.2
Uptime: 1 day, 7:54, 1 user, load average: 0.01, 0.04, 0.11

volkman wrote:

>
> "David" <(E-Mail Removed)> schreef in bericht
> news:FRQvb.210560$ao4.749617@attbi_s51...
>> volkman wrote:
>> >
>> > I use proftpd for mine ftp-server.
>> > but there is a lot of users that hammer mine server so
>> > i will that iptable automatic block that ip
>> > example: have he 3 time login in about 30 sec than drop iptable that ip
>> > is there someone where i can find info about that?
>> > or know how to do that?
>>
>> Some of it may be the same host connecting multiple times. If
>> that is what is happening you can limit them to just one
>> connection by adding the lines below to /etc/profile.conf and
>> restarting proftpd.
>>
>> # Limit number of logins by host.
>> MaxClientsPerHost 1
>>
>> With this set it will "refuse" multiple connections from the same
>> host but still allow a single connection from the host.
>>
>> --
>> Confucius: He who play in root, eventually kill tree.
>> Registered with The Linux Counter. http://counter.li.org/
>> Slackware 9.1.0 Kernel 2.4.22 SMP i686 (GCC) 3.3.2
>> Uptime: 14:54, 1 user, load average: 0.69, 0.40, 0.43
>
>
> yea, i know that command
> but when the server is full than try the users login
> sometime 120 times in 10 sec
> that do slow me bandwitch a lot
> so is there other way do block that ip?
>
> vw

I've found that shorewall is a lot easier to set up
than the suse firewall, and one of the things it has
is blacklists, including dynamic blacklist so that
you can add IPs or IP ranges. www.shorewall.net
Its easy to install too. Don't know if there is
a german web site for it.


--
Slardy Bart Fast