Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

gav (2710)

gav
  (email not shown publicly)
http://www.estey.com/
AOL IM: flufflegavin (Add Buddy, Send Message)
Hacker in NYC.

Journal of gav (2710)

Thursday June 10, 2004
07:51 AM

script kiddy scum

[ #19178 ]

Some bright spark decided to launch a dictionary attack against my two FTP servers last night, attempting 16,901 logins on each server. The only real harm done was that it generated about 5 meg of logs that logwatch dutifully emailed to me this morning and Apple Mail didn't appreciate.


List all Journal entries
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

script kiddy scum 3 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • Too bad there isn't some way to disable the ftp server for 10 to 15 minutes after 3 bad login attempts.
    That would certainly slow down someone attempting this kind of crap.
    • I guess I could write something that looked at the logs and then used iptables to ban that IP, but that seems too much like hard work :)
      • Basically, a rumplestiltskin attack on your FTP. Have something watch the logs, and when it sees N failed logins from an IP, blackhole the IP. Search Google, you should be able to find a basic Perl script which does it with mail logs and not hard to modify.

        Or, turn off FTP and make people scp :-)
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.