Anybody experiencing FTP attacks on their servers?
 

I am getting some crazy FTP attacks from China.

Some bot from China is trying to find exploits on my sites.

Here is an IP 221.130.193.61

My system admin already figured out the pattern and has a script to detect if my server is being attack.


Shit has slowed down my server.

i have experienced that shit just month ago, change every ftp pass you have, and clean that shit if you got infected..

at least youre on it, good luck.

using just a single ip for the attack? That's surprising. Usually they are better than that.

That sucks.


:Oh crap

The attacks are spread out through the day. My system admin is on top of that shit. Whatever bot they are using has unlimited bandwidth to suck and dump shit at 100Mbs...

We see FTP dictionary attacks on most servers where we look for it.
POP3, email, is also a popular target because very often your FTP user/pass
will be approved for POP3, but people leave POP3 unprotected. So the bad
guys brute on POP3, then when they hit one that works try the same user/pass
for FTP, Wordpress, etc. On our servers, EVERY single daemon has brute
force protection - SMTP, IMAP, POP3, FTP... . SSH is keys only, no passwords.
We created a single brute force protection system that can watch any service.
There are just a couple of settings to adapt it fro FTP, POP3, etc.

That sucks!!!

yeah the bastards are a piss off

Best solution, disable FTP! It's antiquated :P

:thumbsup

I can't believe more webmasters don't use ssh/scp/sftp/whatever...