he hammer mine ftp-server how can i block that ip

Discussion in 'Linux Networking' started by volkman, Nov 22, 2003.

  1. volkman

    volkman Guest

    hi

    I use proftpd for mine ftp-server.
    but there is a lot of users that hammer mine server so
    i will that iptable automatic block that ip
    example: have he 3 time login in about 30 sec than drop iptable that ip
    is there someone where i can find info about that?
    or know how to do that?

    thnks anyway
    volkman
     
    volkman, Nov 22, 2003
    #1
    1. Advertisements

  2. volkman

    David Guest

    Some of it may be the same host connecting multiple times. If
    that is what is happening you can limit them to just one
    connection by adding the lines below to /etc/profile.conf and
    restarting proftpd.

    # Limit number of logins by host.
    MaxClientsPerHost 1

    With this set it will "refuse" multiple connections from the same
    host but still allow a single connection from the host.
     
    David, Nov 22, 2003
    #2
    1. Advertisements

  3. volkman

    David Guest

    Ooops!! That should be /etc/proftpd.conf NOT /etc/profile.conf
    had my mind on the right file but my fingers on something else.
     
    David, Nov 22, 2003
    #3
  4. volkman

    baskitcaise Guest

    That came make you blind you know :)
     
    baskitcaise, Nov 22, 2003
    #4
  5. volkman

    volkman Guest


    yea, i know that command
    but when the server is full than try the users login
    sometime 120 times in 10 sec
    that do slow me bandwitch a lot
    so is there other way do block that ip?

    vw
     
    volkman, Nov 23, 2003
    #5
  6. volkman

    David Guest

    I had the same thing happening so I set MaxClientsPerHost so that
    only one connection is allowed. The connections are probably from
    an FTP client like Gozilla or one of the other windows clients.

    If you want to block them permanently just setup a BLOCKED_HOSTS
    rule in your firewall and add the IP to the BLOCKED_HOSTS file.
    But that may not do much good if they get a new IP every time
    they connect to their ISP.
     
    David, Nov 23, 2003
    #6
  7. I've found that shorewall is a lot easier to set up
    than the suse firewall, and one of the things it has
    is blacklists, including dynamic blacklist so that
    you can add IPs or IP ranges. www.shorewall.net
    Its easy to install too. Don't know if there is
    a german web site for it.
     
    Slardy Bart Fast, Nov 27, 2003
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.