I've noticed some "undesirables" trying to login to my ISP machine via FTP, and after 3 attempts him (or her?) gets locked out. Question: 1) How long does it block the same IP from re-attempts? Can it be set? 2) Is there a way to add failed login attempt IP's to the firewall automatically? 3) Where can I set # login attempts for proftpd - seems to be somewhere in other database or config files? Thanks PS. I now have successfully got ISPConfig on perfect Hardy Heron working, with about 5 web sites with external DNS names. I've retired my IIS server and put Linux online. Not bad for a newbie lol... only took me 3 weeks All this thanks mostly from help in this forum...keep up the good work guys.
It's not myself that is the issue, everything is working fine, including proftpd. I can also ftp from the outside world just fine What I was referring to was that outside "hackers" were trying to FTP to my site, and tried to log in 3 times before the system (proftpd) did a "locked out" for that attempt. I do NOT allow any anonymous FTP. I wanted more detail on where those lock out parameters are set. Proftpd is behaving properly, and that user was unwanted, I just wanted the details of the Proftpd settings, and how ISPConfig controls it (if at all) I wanted to know where this "lock out" attempts is set. Currently my system is just the "Pefect server Ubuntu 8.04" with ISPConfig and 5 web sites, nothing else added except ddclient and phpBB3... I keep an active eye on hacking attempts. My "real" firewall is a Mikrotik router at the WAN side, nothing on the "Perfect Server", though I would entertain the though of adding firewall rules to iptables or something (but Mikrotik router has hundreds of rules already...) So, the basic question is: where/how can I review/modify the behaviour of Proftpd, in particular the login attempts and lockouts (like setting it to 2 instead of 3, and setting lockout time to a long time) Steve PS, I did find the parameter for Maxloginattempts in the Proftpd website (default is 3) that goes into proftpd.conf: http://www.proftpd.org/docs/directives/linked/config_ref_MaxLoginAttempts.html But no info yet on how to control the "lockout" period.
