Ban after X login attempts FTP

[JuanCar]

How can close FTP access to a host when it has reached an excesive number of logins attempt?
Firewall and Ipchains are unuseless, a hacker change his IP every time and so it's absurd ban an IP in this way.
I mean a way to ban the IP after X logins failed and keep the ban for 1 or more hours or days. And of course: automatic.
Thanks

 

[Kartoffelsack]

How can close FTP access to a host when it has reached an excesive number of logins attempt?
Firewall and Ipchains are unuseless, a hacker change his IP every time and so it's absurd ban an IP in this way.
I mean a way to ban the IP after X logins failed and keep the ban for 1 or more hours or days. And of course: automatic.
Thanks

Which IP do you want to ban actually? If the attacker uses the same IP with every attempt, you can ban this IP using a firewall rule. If the attacker changes his IP with every attempt, you can't ban any IP usefully, as it's only used once for an attack. Probably the attacker uses IPs from same subnet so you could try to block subnet instead of single IP. Or does he use the same login every time? Then you might block this account for new connections.

What you could do else, is either to ban access to ftp at all, i.e. close ftp completely for new connections. Or you could setup some advanced firewall rules which try to detect the signature of the attacker and block his connections careless of what IP he uses. Pretty hard to set up and to manage, but once running, very efficient.

 

[EgidijusS]

You can try Fail2ban. I'm using this for POP IMAP logins.

 

[JuanCar]

Fail2ban

Thank you, it's easy to install and config. I'll try it

Bye