Proftpd anti-guessing credentials

roland90
DD-WRT User


Joined: 22 Oct 2015
Posts: 123

PostPosted: Fri Apr 29, 2016 12:26    Post subject: Proftpd anti-guessing credentials
I have a configured proftpd and I have to achieve that when someone tries to guess the user/pass, after the 5th unsuccessful login, they are banned for a specified time, and this kind of activity is logged.
I found some code on the DD-WRT wiki but it didn't help me.

Quote:
This command, however, is not very secure as anyone with a port scanner and a password generator can attempt to "guess" your user-name(s) and password(s). The following rules will provide a much safer alternative:

Code:
wanf=`nvram get wan_iface`
iptables -I INPUT 2 -i $wanf -p tcp  --dport 21 -j logdrop
iptables -I INPUT 2 -i $wanf -p tcp -m state --state NEW --dport 21 -m limit --limit 3/minute --limit-burst 2 -j logaccept


And I have found this:
http://www.proftpd.org/docs/contrib/mod_ban.html

My router config file:

Code:
ServerName      DD-WRT
DefaultAddress  192.168.1.1
ServerType      standalone
DefaultServer   on
ScoreboardFile  /tmp/proftpd/etc/proftpd.scoreboard
Port            21
Umask           022
MaxInstances    10
MaxLoginAttempts 3
User            root
Group           root
UseReverseDNS   off
IdentLookups    off
RootLogin       on
AllowOverwrite  on
AllowRetrieveRestart  on
AllowStoreRestart  on
ExtendedLog /mnt/sda1/rolcs/log all

  <IfModule mod_ban.c>
    BanEngine on
    BanLog /mnt/sda1/rolcs/ban.log
    BanTable /var/data//proftpd/ban.tab

    # If the same client reaches the MaxLoginAttempts limit 3 times
    # within 10 minutes, automatically add a ban for that client that
    # will expire after three minutes.
    BanOnEvent MaxLoginAttempts 3/00:10:00 00:03:00

    # Allow the FTP admin to manually add/remove bans
    BanControlsACLs all allow user ftpadm
  </IfModule>

AuthUserFile   /tmp/proftpd/etc/passwd


How can it be done?
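To make the numbers in the posted config concrete, here is a small model of what mod_ban's BanOnEvent does with a stream of failed logins. It is an added example, not code from the DD-WRT thread or from ProFTPD itself: it implements the documented meaning of `MaxLoginAttempts 3` (session closed after three bad passwords, one MaxLoginAttempts event per closed session) and `BanOnEvent MaxLoginAttempts 3/00:10:00 00:03:00` (three such events inside a 10-minute window add a 3-minute ban). The client address 203.0.113.5 and the timeline are constructed for the scenario.

```python
"""mod_ban event-window model (added example; not code from the DD-WRT thread
or from ProFTPD itself).

Models the two directives in the poster's config:

    MaxLoginAttempts 3
    BanOnEvent MaxLoginAttempts 3/00:10:00 00:03:00

A session is closed after 3 failed logins, which raises one MaxLoginAttempts
event for that client address; when a client raises that event 3 times within
10 minutes, mod_ban adds a 3-minute ban.  State is tracked per client, as the
BanTable does.  Timestamps are seconds on a constructed timeline, not log data.
"""
from collections import defaultdict, deque


def parse_hms(text):
    """'00:10:00' -> 600 seconds (mod_ban's hh:mm:ss notation)."""
    hours, minutes, seconds = (int(part) for part in text.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def parse_freq(text):
    """'3/00:10:00' -> (3, 600): number of events per sliding window."""
    count, window = text.split("/")
    return int(count), parse_hms(window)


class BanModel:
    def __init__(self, max_login_attempts=3, freq="3/00:10:00", duration="00:03:00"):
        self.max_login_attempts = max_login_attempts
        self.event_count, self.window = parse_freq(freq)
        self.duration = parse_hms(duration)
        self.session_failures = defaultdict(int)   # bad passwords in the current session
        self.events = defaultdict(deque)           # MaxLoginAttempts event times per client
        self.bans = {}                             # client -> ban expiry time

    def failed_login(self, now, client):
        """Feed one failed password from `client` at time `now`; return the outcome."""
        expiry = self.bans.get(client)
        if expiry is not None:
            if now < expiry:
                return "refused"           # a banned client is dropped on connect
            del self.bans[client]          # the ban has expired
        self.session_failures[client] += 1
        if self.session_failures[client] < self.max_login_attempts:
            return "fail"                  # 530 reply, session stays open
        # Limit reached: ProFTPD closes the session and emits the event.
        self.session_failures[client] = 0
        recent = self.events[client]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()               # forget events outside the window
        if len(recent) >= self.event_count:
            self.bans[client] = now + self.duration
            recent.clear()
            return "ban-added"
        return "disconnect"


def first_ban_trace():
    """Outcomes of the first 12 guesses from one client, 2 seconds apart."""
    model = BanModel()
    return [model.failed_login(2 * i, "203.0.113.5") for i in range(12)]


def guesses_per_hour(seconds_between_guesses=2):
    """How many passwords one client can try in an hour under this config.

    Constructed scenario: a single source retries every 2 seconds, reconnecting
    right after each disconnect and again as soon as each ban expires.
    """
    model = BanModel()
    tried = 0
    for now in range(0, 3600, seconds_between_guesses):
        if model.failed_login(now, "203.0.113.5") != "refused":
            tried += 1
    return tried


if __name__ == "__main__":
    print(first_ban_trace())
    print("password guesses possible per hour:", guesses_per_hour())
```

Running it shows the ban only appears after the ninth bad password (three closed sessions), and that with a 3-minute ban the same source still gets well over a hundred guesses per hour; the ban duration and the event frequency are the knobs that change that, and the outcome strings are what you would expect to see mirrored in BanLog.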
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade

PostPosted: Fri Apr 29, 2016 20:40    Post subject:
On the Security tab you have the Limit FTP Server Access feature... when checked it creates an iptables rule limiting brute force...
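The iptables rate limit works differently from mod_ban, and the difference matters for what the first post is trying to achieve. The model below is an added example, not code from the thread, the DD-WRT wiki or netfilter: it reproduces the token-bucket behaviour of the `-m limit --limit 3/minute --limit-burst 2` match in the wiki rules quoted in the first post (accept rule evaluated before the logdrop rule), on a constructed timeline in which one source opens a new FTP connection every second while a legitimate user connects once.

```python
"""Token-bucket model of the `-m limit` match in the wiki rules
(added example; not code from the DD-WRT thread, the wiki or netfilter).

`-m state --state NEW --dport 21 -m limit --limit 3/minute --limit-burst 2
-j logaccept` followed by an unconditional `-j logdrop` behaves like a bucket
that starts with 2 tokens and earns one token every 20 seconds; a new FTP
connection that finds a whole token is accepted, the rest fall through to
logdrop.  Two properties of the `limit` match are visible in the model:
the bucket is one counter for the whole rule, not one per source address,
and it counts new connections, not password attempts inside a connection.
Times are seconds on a constructed timeline.
"""
from fractions import Fraction


class LimitMatch:
    def __init__(self, per_minute=3, burst=2):
        self.refill_interval = Fraction(60, per_minute)  # seconds per token
        self.burst = burst
        self.tokens = Fraction(burst)                      # bucket starts full
        self.last = Fraction(0)

    def new_connection(self, now):
        """Return 'logaccept' or 'logdrop' for a new connection at time `now`."""
        now = Fraction(now)
        refill = (now - self.last) / self.refill_interval
        self.tokens = min(Fraction(self.burst), self.tokens + refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return "logaccept"
        return "logdrop"


def shared_bucket_scenario():
    """Constructed: one source opens a new connection every second for a
    minute; a legitimate user connects once at t = 30.5 s."""
    match = LimitMatch(per_minute=3, burst=2)
    events = [(Fraction(t), "scanner") for t in range(60)]
    events.append((Fraction(61, 2), "user"))
    events.sort()
    result = {"scanner": {"logaccept": 0, "logdrop": 0}, "user": None}
    for now, who in events:
        verdict = match.new_connection(now)
        if who == "scanner":
            result["scanner"][verdict] += 1
        else:
            result["user"] = verdict
    return result


if __name__ == "__main__":
    print(shared_bucket_scenario())
```

The scanner's connections are accepted at 0 s, 1 s, 20 s and 40 s and the other 56 are dropped, but the legitimate user's single connection at 30.5 s is dropped too, because the `limit` bucket is shared by every source hitting port 21. Per-connection limiting also says nothing about how many passwords are tried over an accepted connection; that is what ProFTPD's MaxLoginAttempts and mod_ban cover, so the two mechanisms complement each other rather than replace each other.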
roland90
DD-WRT User


Joined: 22 Oct 2015
Posts: 123

PostPosted: Sat Apr 30, 2016 20:35    Post subject:
OK. You are right.
I switched the 'Limit FTP Server Access' feature on.
But nothing changed.
I didn't see any records in the firewall log that say ban, and I can keep guessing continuously.
Helpppp
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade

PostPosted: Sun May 01, 2016 8:29    Post subject:
On the Security tab enable Log Management.
Log level High, option Dropped.
roland90
DD-WRT User


Joined: 22 Oct 2015
Posts: 123

PostPosted: Tue May 03, 2016 16:06    Post subject:
It is enabled, but nothing changed.
All times are GMT