How to prevent user from access administrators password via attacks on my ftp server

Discussion in 'Security Software' started by Rob Dob, Jun 7, 2007.

  1. Rob Dob

    Rob Dob Guest

    Hi,

    I have a problem, I have some users trying to crack my administrator
    password by attempting dictionary attacks on my ftp server, I am seeing
    100's of failed login attempts within my ftp logs, all of them using the
    user: administrator and a failed password. Unfortunately I have several
    users who have dynamic ips and need to access the ftp server, otherwise I
    would have this port blocked.

    I am looking for suggestions as to what I should do in this situation, is
    there a way I can deny the administrator access to the ftp server, therefore
    it would never allow someone to figure the password?

    thanks, Rob..
     
    Rob Dob, Jun 7, 2007
    #1
    1. Advertisements

  2. Rob Dob

    Mark Randall Guest

    Just use a long password, then the chances of it being cracked are pretty
    much zero.

    - Mark
     
    Mark Randall, Jun 7, 2007
    #2
    1. Advertisements

  3. Rob Dob

    RedForeman Guest

    That's pretty simple and it's considered a 'best practice' to do one
    of the following...

    Give it a HUGE password, then disable the account
    or
    Rename it to some obscure name, but only after giving it a HUGE
    password...

    if it's behind a firewall, there could be something to do
    there....????

    RedForeman
     
    RedForeman, Jun 7, 2007
    #3
  4. Rob Dob

    Al Dunbar Guest

    some like to also create a guest account called Administrator...
    If FTP allows ANY account credentials to be given, I do not think that it
    can be told which account names to not even try to authenticate. If someone
    enters the name of the administrator and a wrong password, FTP will need to
    authenticate the pair before it knows that this is the account it is not to
    allow in.

    I'm going to (try to remember to) try this test with an RDP connection at
    work tomorrow:

    try to logon to a server with an account that does not have access to logon
    to the server;
    give a bad password;
    observe the message that is displayed;
    check to see that it registers in AD as a bad password attempt;
    try another login with the correct password;
    observe the message that is displayed;

    I suspect that the bad password will be counted as an error (hey, do you
    want to be totally unaware that someone is guessing your password?), and
    that giving the correct password will reset this, even though the logon will
    fail for a different reason.

    I also suspect that the server will give two different messages as to why it
    is not allowing the logon, therefore giving the attemptee confirmation of
    which is the correct password.

    /Al
     
    Al Dunbar, Jun 8, 2007
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.