I tried to add a regex for FTP but just couldn't figure it out! Here are relevant log entries:
Oct 21 10:45:10 host proftpd[16526]: 72.52.165.98 (24.84.192.233[24.84.192.233]) - USER fred (Login failed): Incorrect password.
Oct 19 10:35:30 host proftpd[26535]: host.allpar.com (24.84.192.233[24.84.192.233]) - USER anonymous: no such user found from 24.84.192.233 [24.84.192.233] to 72.52.165.73:21
I searched for a L*O*N*G time to try to find a solution. I really like denyhosts and would prefer to stick with it, but really need to cover ftp as well... and would love to use it for email attempts too ;)
Tried OSSEC but that seemed to have bad effects on the system; and fail2ban turned out to be too complicated for me!
Also, is this acceptable as a config file entry? Will it do what I need it to do? I essentially want to block everything BUT httpd.
BLOCK_SERVICE = sshd pop smtp imap ftp
Thanks...
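An added example, not part of the original post and not DenyHosts code: a standalone Python pattern that matches the two proftpd failure formats quoted above and extracts the remote address and user name. The group names `host` and `user`, the function names and the third sample line are assumptions of this example, and the pattern assumes the log format is exactly as shown in the quoted lines.

```python
import re
from collections import Counter

# Anchored at the start of the line so the host can only come from the field
# proftpd writes itself; the USER value is client-supplied and may hold spaces.
PROFTPD_FAILED = re.compile(
    r"^\w{3} +\d{1,2} \d\d:\d\d:\d\d \S+ proftpd\[\d+\]: \S+ "  # syslog prefix, server name
    r"\([^\[\s]+\[(?P<host>\d{1,3}(?:\.\d{1,3}){3})\]\) - "      # (remote-name[remote-ip])
    r"USER (?P<user>.+?)"                                        # name sent by the client
    r"(?: \(Login failed\): |: no such user found )"             # the two failure forms
)

# First two lines are the ones quoted in the post; the third is constructed
# here as a non-failure line the pattern must ignore.
SAMPLE_LOG = """\
Oct 21 10:45:10 host proftpd[16526]: 72.52.165.98 (24.84.192.233[24.84.192.233]) - USER fred (Login failed): Incorrect password.
Oct 19 10:35:30 host proftpd[26535]: host.allpar.com (24.84.192.233[24.84.192.233]) - USER anonymous: no such user found from 24.84.192.233 [24.84.192.233] to 72.52.165.73:21
Oct 21 10:46:02 host proftpd[16530]: 72.52.165.98 (24.84.192.233[24.84.192.233]) - USER fred: Login successful.
"""


def parse_failure(line):
    """Return (host, user) for a failed proftpd login line, else None."""
    m = PROFTPD_FAILED.match(line)
    return (m.group("host"), m.group("user")) if m else None


def hosts_over_threshold(lines, threshold):
    """Return the sorted hosts with at least `threshold` failed logins."""
    counts = Counter()
    for line in lines:
        hit = parse_failure(line)
        if hit:
            counts[hit[0]] += 1
    return sorted(h for h, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(parse_failure(entry))
    print(hosts_over_threshold(SAMPLE_LOG.splitlines(), 2))
```

Because the user name is whatever the client sent, the pattern is matched from the start of the line rather than searched for anywhere in it, so text inside the user name cannot stand in for the address field.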