Improved auto-ban for anti-hacking
Reported by: asmodee666
Owned by:
Keywords:
Cc: asmodee666, Tim Kosse
Component version:
Operating system type:
Operating system version:
I would like to be able to set the auto-ban to permanently ban any IP that attempts to use a username, password or combination of username and password from set lists. I have almost daily attempts on my FTP from people attempting to log in as administrator with passwords such as passwd, password, 12345, 123abc, etc. I want to be able to set the auto-ban to permanently ban any IP that attempts to log on as administrator, an account which does not exist on my FTP, or attempts to log on with any account using a common password. It should, first, check to see if it is a valid account and password and, if not, automatically ban after a set number (I would set this to 1) of failures.
I would also like to be able to ban any user who attempts to change to certain or nonexistent directories. If I allow anonymous access I inevitably get the 'script kiddies' who all run the same program to try to change to the commonly hackable directories, none of which are accessible on my FTP. I would like to be able to set the auto-ban to permanently ban anyone who tries to change the directory to any in a set list, or anyone who attempts to change to a directory which does not exist, after a certain number (again, I would set this to 1) of attempts.
For a future concern, rather than simply disconnecting IP addresses for those who have been auto-banned, letting them know they have been auto-banned, you may allow them to continue entering usernames and passwords to their heart's content, just stop accepting them after they have been banned. This would give them no clue they have been banned and no clue how many attempts they got before being banned, which would give them no help in coordinating a distributed brute force attack with a botnet.
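The policy the ticket asks for, written out as an added example (not FileZilla Server code): a per-IP strike counter that bans on a listed username, a nonexistent account or a common password, bans on a change to a listed or nonexistent directory, and answers a banned IP exactly as it would answer a wrong password. The account, directory and username lists and the threshold are constructed assumptions; the passwords are the ones the reporter names.

```python
from collections import defaultdict

# Constructed lists (assumptions, not FileZilla Server defaults); the
# passwords are the ones the reporter names in the ticket.
TRAP_USERS = {"administrator", "admin", "root"}
COMMON_PASSWORDS = {"passwd", "password", "12345", "123abc"}
TRAP_DIRS = {"/_vti_pvt", "/scripts"}          # directories the server never has
VALID_ACCOUNTS = {"alice": "correct horse", "anonymous": ""}
EXISTING_DIRS = {"/", "/pub", "/pub/incoming"}


class AutoBan:
    """Per-IP strike counter implementing the ticket's three rules."""

    def __init__(self, threshold=1):      # the reporter would set this to 1
        self.threshold = threshold
        self.strikes = defaultdict(int)
        self.banned = set()

    def is_banned(self, ip):
        return ip in self.banned

    def _strike(self, ip):
        self.strikes[ip] += 1
        if self.strikes[ip] >= self.threshold:
            self.banned.add(ip)           # permanent: nothing ever removes it

    def login(self, ip, user, password):
        """True only for valid credentials from an unbanned IP.
        A banned IP gets the same failure reply as a wrong password, so the
        client learns neither that it is banned nor how many tries it had."""
        if self.is_banned(ip):
            return False
        ok = VALID_ACCOUNTS.get(user) == password
        if not ok and (user in TRAP_USERS or user not in VALID_ACCOUNTS
                       or password in COMMON_PASSWORDS):
            self._strike(ip)              # listed name, unknown account or common password
        return ok

    def cwd(self, ip, path):
        """True if the directory change is allowed; a listed or nonexistent
        directory counts as a strike."""
        if self.is_banned(ip):
            return False
        if path in TRAP_DIRS or path not in EXISTING_DIRS:
            self._strike(ip)
            return False
        return True
```

A legitimate user who mistypes a non-common password for an existing account collects no strike, which is the point of checking the lists rather than counting every failure.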