Been hacking away at this issue for a few days, and I think it's in a state where I'm happy with it, but just wanted to pick y'all's brains to see if I've missed anything.
I run a website with a facility for users to upload files: http://www.vogonsdrivers.com
I have ProFTPd configured as an SFTP server, and am using mod_sql for authentication.
When a user logged in to the website clicks a "Get FTP login" button, a row is inserted to (or updated in) ProFTPd's users table, and the user can log in to SFTP with the generated credentials. These credentials expire after 12 hours.
The trouble I was having was that since SFTP looks like an SSH service, I'm getting hundreds if not thousands of attempted connections a day trying credentials like "root", "www-data", "admin", "staff", etc.
I have configured fail2ban on the machine, such that repeated unsuccessful auth attempts will render the client's IP blocked. I also keep the VM up to date with a daily "apt-get update && apt-get upgrade".
Is there anything else you guys can think of?
SquallStrife
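The credential flow described in the post (a row inserted or updated on "Get FTP login", valid for 12 hours), as an added example that is not the poster's code. The `ftp_users` table, its columns and the function names are hypothetical, and SQLite stands in for the database ProFTPd reads.

```python
import hashlib
import hmac
import secrets
import sqlite3

TTL_SECONDS = 12 * 60 * 60  # the post's 12-hour credential lifetime


def open_db():
    # Hypothetical table; stands in for the users table ProFTPd reads.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ftp_users ("
        " site_user TEXT PRIMARY KEY,"   # website account that clicked the button
        " ftp_user TEXT UNIQUE NOT NULL,"
        " pw_hash TEXT NOT NULL,"
        " expires_at INTEGER NOT NULL)"  # Unix time
    )
    return conn


def _hash(password):
    # Plain SHA-256 is acceptable only because the password is a random
    # 192-bit token, not something a user chose.
    return hashlib.sha256(password.encode()).hexdigest()


def issue_login(conn, site_user, now):
    """Insert or update the row for site_user; return (ftp_user, password)."""
    ftp_user = "u_" + secrets.token_hex(6)
    password = secrets.token_urlsafe(24)
    conn.execute(
        "INSERT OR REPLACE INTO ftp_users VALUES (?, ?, ?, ?)",
        (site_user, ftp_user, _hash(password), now + TTL_SECONDS),
    )
    return ftp_user, password


def check_login(conn, ftp_user, password, now):
    """True only for a known, unexpired user with the right password."""
    row = conn.execute(
        "SELECT pw_hash FROM ftp_users WHERE ftp_user = ? AND expires_at > ?",
        (ftp_user, now),
    ).fetchone()
    # Hash even when no row matched so both paths do similar work.
    expected = row[0] if row else _hash(secrets.token_urlsafe(24))
    return hmac.compare_digest(expected, _hash(password)) and row is not None
```

Because expiry is part of the lookup itself, a stale row fails authentication even if nothing has cleaned it out of the table, and re-issuing a login replaces the previous username and password for that website account.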