How to prevent user from access administrators password via attacks on my ftp server

Rob Dob

Hi,

I have a problem: some users are trying to crack my administrator
password by attempting dictionary attacks on my FTP server. I am seeing
hundreds of failed login attempts in my FTP logs, all of them using the
user "administrator" and a failed password. Unfortunately I have several
users who have dynamic IPs and need to access the FTP server; otherwise I
would have this port blocked.

I am looking for suggestions as to what I should do in this situation. Is
there a way I can deny the administrator access to the FTP server, so that
it would never allow someone to figure out the password?

Thanks, Rob.
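As an added example (not part of this thread), the script below does the log triage Rob describes: it counts failed logins for the "administrator" user per source address and flags sources that exceed a threshold, so they can be fed to a firewall deny rule without affecting legitimate users on dynamic IPs who mistype a password once or twice. The log format, the sample lines and the threshold are assumptions; adjust `LINE_RE` to your server's real log layout.

```python
import re
from collections import Counter

# Constructed sample log lines in an assumed, simplified FTP log format:
# "<timestamp> <client-ip> <user> <status>". Real servers differ (IIS W3C
# fields, vsftpd, etc.), so adjust LINE_RE to match your own logs.
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.5 administrator FAIL
2024-01-01T10:00:02 203.0.113.5 administrator FAIL
2024-01-01T10:00:03 203.0.113.5 administrator FAIL
2024-01-01T10:00:04 203.0.113.5 administrator FAIL
2024-01-01T10:00:05 203.0.113.5 administrator FAIL
2024-01-01T10:00:09 198.51.100.7 bob PASS
2024-01-01T10:00:11 198.51.100.7 bob FAIL
2024-01-01T10:00:12 198.51.100.7 bob PASS
2024-01-01T10:00:15 192.0.2.44 administrator FAIL
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<status>PASS|FAIL)$")


def parse_log(text):
    """Yield (ip, user, status) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ip"), m.group("user"), m.group("status")


def failed_logins_by_source(text, user="administrator"):
    """Count failed logins for `user` (case-insensitive), keyed by client IP."""
    counts = Counter()
    for ip, u, status in parse_log(text):
        if u.lower() == user.lower() and status == "FAIL":
            counts[ip] += 1
    return counts


def flag_sources(text, user="administrator", threshold=3):
    """Return, sorted, the IPs whose failed-login count for `user` reaches
    `threshold`. These are candidates for a firewall deny or lockout rule;
    a legitimate user with one or two typos stays below the threshold."""
    counts = failed_logins_by_source(text, user)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in failed_logins_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} failed administrator logins")
    print("flag:", flag_sources(SAMPLE_LOG))
```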
 
Mark Randall

Just use a long password, then the chances of it being cracked are pretty
much zero.

- Mark
 
RedForeman

That's pretty simple, and it's considered a 'best practice' to do one
of the following...

Give it a HUGE password, then disable the account
or
Rename it to some obscure name, but only after giving it a HUGE
password...

If it's behind a firewall, there could be something to do
there....????

RedForeman
 
Al Dunbar

RedForeman said:
That's pretty simple and it's considered a 'best practice' to do one
of the following...

Give it a HUGE password, then disable the account
or
Rename it to some obscure name, but only after giving it a HUGE
password...

some like to also create a guest account called Administrator...
if it's behind a firewall, there could be something to do
there....????

If FTP allows ANY account credentials to be given, I do not think that it
can be told which account names not to even try to authenticate. If someone
enters the name of the administrator and a wrong password, FTP will need to
authenticate the pair before it knows that this is the account it is not to
allow in.

I'm going to (try to remember to) try this test with an RDP connection at
work tomorrow:

try to logon to a server with an account that does not have access to logon
to the server;
give a bad password;
observe the message that is displayed;
check to see that it registers in AD as a bad password attempt;
try another login with the correct password;
observe the message that is displayed;

I suspect that the bad password will be counted as an error (hey, do you
want to be totally unaware that someone is guessing your password?), and
that giving the correct password will reset this, even though the logon will
fail for a different reason.

I also suspect that the server will give two different messages as to why it
is not allowing the logon, thereby giving the attemptee confirmation of
which is the correct password.

/Al