After yet another FTP-based attack today, it occurred to me: are there any FTP servers out there which will ban a user (or even better, run an arbitrary script) if he/she tries to log into a specific account?
Ideally. whenever someone tries to FTP in as root, ftp, backup, or some
other administrative account, I'd like iptables to DROP further incoming
FTP traffic from that address, and an e-mail to be sent automatically to
me and their network's administrator. Blocking FTP traffic immediately
has the added benefit that they won't receive a "login refused" message,
which might slow down any scanning attempts.
- Andrew
pgp00000.pgp
Description: PGP signature
