

Member Since 10 Sep 2008
Offline Last Active Jul 16 2018 03:49 PM

Topics I've Started

Tips for securing public-facing SFTP?

20 March 2018 - 09:28 AM

Been hacking away at this issue for a few days, and I think it's in a state where I'm happy with it, but just wanted to pick y'all's brains to see if I've missed anything.

I run a website with a facility for users to upload files: http://www.vogonsdrivers.com

I have ProFTPd configured as an SFTP server, using mod_sql for authentication.

When a user logged in to the website clicks a "Get FTP login" button, a row is inserted to (or updated in) ProFTPd's users table, and the user can log in to SFTP with the generated credentials. These credentials expire after 12 hours.

The trouble I was having was that since SFTP looks like an SSH service, I'm getting hundreds if not thousands of attempted connections a day trying credentials like "root", "www-data", "admin", "staff", etc.

I have configured fail2ban on the machine, such that repeated unsuccessful auth attempts will render the client's IP blocked. I also keep the VM up to date with a daily "apt-get update && apt-get upgrade".

Is there anything else you guys can think of?
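
Added example, not part of the original post and not the poster's code: a model of the 12-hour credential scheme described above, with the expiry enforced inside the authentication lookup rather than only by a cleanup job. The `sftp_users` table, its columns, the PBKDF2 hash and the function names are all assumptions; in-memory SQLite stands in for the real SQL backend.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

TTL_SECONDS = 12 * 60 * 60  # credentials expire after 12 hours, as in the post

def open_db():
    # In-memory SQLite stands in for the real SQL backend (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sftp_users (userid TEXT PRIMARY KEY, salt BLOB,"
               " pwhash BLOB, expires_at INTEGER)")  # hypothetical schema
    return db

def _hash(password, salt):
    # Salted, slow hash so the table never holds a plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def issue_login(db, userid, now=None):
    """Insert or update the user's row with a fresh random password."""
    now = int(time.time()) if now is None else now
    password = secrets.token_urlsafe(24)
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO sftp_users VALUES (?, ?, ?, ?) "
               "ON CONFLICT(userid) DO UPDATE SET salt=excluded.salt, "
               "pwhash=excluded.pwhash, expires_at=excluded.expires_at",
               (userid, salt, _hash(password, salt), now + TTL_SECONDS))
    return password  # shown once to the logged-in website user

def check_login(db, userid, password, now=None):
    """Expiry is part of the lookup, so a stale row never authenticates."""
    now = int(time.time()) if now is None else now
    row = db.execute("SELECT salt, pwhash FROM sftp_users "
                     "WHERE userid = ? AND expires_at > ?",
                     (userid, now)).fetchone()
    if row is None:
        # Unknown or expired user: do the hash work anyway so the response
        # time does not reveal which usernames currently exist.
        _hash(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_hash(password, row[0]), row[1])

def purge_expired(db, now=None):
    """Housekeeping only; check_login already rejects expired rows."""
    now = int(time.time()) if now is None else now
    return db.execute("DELETE FROM sftp_users WHERE expires_at <= ?",
                      (now,)).rowcount
```
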

PSA: Professional audio software Humble Bundle

07 March 2018 - 01:00 PM


$20 (US I assume) for Acid Pro 7 alone is a steal, never mind all the other cool shit at the lower tiers.


19 October 2017 - 09:51 AM


I'm up to Inkwell Isle Three, having started playing only last week. People have been saying it's the Dark Souls of platformers, which I agree with to some extent, but I'd rather describe it as a more accessible Metal Slug.

But all that aside, I LOVE it. It's a callback to the type of video game I love, things like Metal Slug, Gradius, Contra, Ghouls and Ghosts, and the like.

As a cherry on top of this delicious cake, the game is on GoG, DRM FREE JUST LIKE GRANDMA USED TO MAKE.

So who's playing? Beaten it? Engaged in dangerous drinking activity as a misguided strategy?