
iis security : How to prevent users from accessing the administrator password via attacks on my ftp server


Rob Dob
6/7/2007 1:55:23 PM
Hi,

I have a problem: some users are trying to crack my administrator
password by attempting dictionary attacks on my ftp server. I am seeing
100's of failed login attempts within my ftp logs, all of them using the
user administrator and a failed password. Unfortunately I have several
users who have dynamic IPs and need to access the ftp server, otherwise I
would have this port blocked.

I am looking for suggestions as to what I should do in this situation. Is
there a way I can deny the administrator access to the ftp server, so that
it would never allow someone to figure out the password?

thanks, Rob..
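As an added example (not code from anyone in this thread), a small Python script that does what Rob describes doing by eye: it reads IIS FTP W3C log entries, pairs each USER command with the PASS reply on the same connection, and counts failed administrator logons per source IP. The sample lines are constructed to resemble the IIS 6 FTP log layout (an assumption); a real log would be read from the server's LogFiles directory instead.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the IIS 6 FTP W3C log layout (an assumption:
# real logs may carry other columns, which is why the #Fields header is parsed, not hard-coded).
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status sc-win32-status
13:00:01 203.0.113.7 [1]USER administrator 331 0
13:00:01 203.0.113.7 [1]PASS - 530 1326
13:00:02 203.0.113.7 [2]USER administrator 331 0
13:00:02 203.0.113.7 [2]PASS - 530 1326
13:00:03 203.0.113.7 [3]USER administrator 331 0
13:00:03 203.0.113.7 [3]PASS - 530 1326
13:00:09 198.51.100.4 [4]USER alice 331 0
13:00:09 198.51.100.4 [4]PASS - 230 0
"""

METHOD_RE = re.compile(r"^\[(\d+)\](\w+)$")  # "[1]USER" -> connection id 1, verb USER

def parse_entries(log_text):
    """Yield one dict per entry, naming columns from the #Fields header line."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields is not None:
            yield dict(zip(fields, line.split()))

def failed_logons_by_ip(log_text, account="administrator"):
    """Count PASS replies with status 530 per source IP for one account name.
    USER and PASS are separate entries, so the name is remembered per (ip, connection)."""
    pending, failures = {}, defaultdict(int)
    for e in parse_entries(log_text):
        m = METHOD_RE.match(e.get("cs-method", ""))
        if not m:
            continue
        key, verb = (e["c-ip"], m.group(1)), m.group(2).upper()
        if verb == "USER":
            pending[key] = e["cs-uri-stem"].lower()
        elif verb == "PASS":
            # sc-status 530 is the FTP "not logged in" reply; 230 means the logon succeeded
            if pending.pop(key, None) == account.lower() and e["sc-status"] == "530":
                failures[e["c-ip"]] += 1
    return dict(failures)

def flag_sources(log_text, threshold=3):
    """Return source IPs whose failed administrator logons reach the threshold."""
    return sorted(ip for ip, n in failed_logons_by_ip(log_text).items() if n >= threshold)
```

The flagged addresses are what you would feed into a firewall block list or an alert, while legitimate users on dynamic IPs keep working because only sources that repeatedly fail against the administrator account are listed.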

RedForeman
6/7/2007 8:16:04 PM

That's pretty simple and it's considered a 'best practice' to do one
of the following...

Give it a HUGE password, then disable the account
or
Rename it to some obscure name, but only after giving it a HUGE
password...

if it's behind a firewall, there could be something to do
there....????

RedForeman
Mark Randall
6/7/2007 9:14:07 PM
Just use a long password, then the chances of it being cracked are pretty
much zero.

- Mark

Al Dunbar
6/7/2007 9:34:46 PM

Some also like to create a guest account called Administrator...

If FTP allows ANY account credentials to be given, I do not think that it
can be told which account names to not even try to authenticate. If someone
enters the name of the administrator and a wrong password, FTP will need to
authenticate the pair before it knows that this is the account it is not to
allow in.

I'm going to (try to remember to) try this test with an RDP connection at
work tomorrow:

try to logon to a server with an account that does not have access to logon
to the server;
give a bad password;
observe the message that is displayed;
check to see that it registers in AD as a bad password attempt;
try another login with the correct password;
observe the message that is displayed;

I suspect that the bad password will be counted as an error (hey, do you
want to be totally unaware that someone is guessing your password?), and
that giving the correct password will reset this, even though the logon will
fail for a different reason.

I also suspect that the server will give two different messages as to why it
is not allowing the logon, therefore giving the attemptee confirmation of
which is the correct password.

/Al
