pure-ftpd login attempts cleartext

Post Reply
wowkise
Junior Member
Posts: 17
Joined: 05 Nov 2011, 23:19

pure-ftpd login attempts cleartext

Post by wowkise »

Hello,

it will be really nice if we could detect massive pure-ftpd non TLS connection, yesterday i had log file of about 25k login attempts trying to login using non TLS connection which i disallow, is there any chance that you may make a an option to track those messages and block the ips if they exceed certain number of error messages such as 20.

those are the messages im talking about

Feb 14 11:30:52 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:30:58 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:03 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:05 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:07 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:08 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:10 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Feb 14 11:31:12 server pure-ftpd: (?@27.x.x.x) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.

Thank you.
Top
morleysanto
Junior Member
Posts: 3
Joined: 06 Nov 2012, 22:13

Re: pure-ftpd login attempts cleartext

Post by morleysanto »

I would appreciate some help with this problem also. I had an attack that started Mar 13 14:00:04 and ended 14:59:59

logged: Log Scanner Report for 16:00, (lines:11795)

Could anyone point me to a solution that would catch this?

Thanks
Top
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: pure-ftpd login attempts cleartext

Post by ForumAdmin »

You would have to write a custom regex to catch this as it is not a format that csf detects, using /etc/csf/regex.custom.pm
Top
morleysanto
Junior Member
Posts: 3
Joined: 06 Nov 2012, 22:13

Re: pure-ftpd login attempts cleartext

Post by morleysanto »

Thanks!
Top
Post Reply

Return to “Suggestions (csf)”