Checking my log, I see that I am getting a lot of FTP brute-force attacks. Sometimes my VPS provider null-routes me because of DDoS attacks. I am new to managing a VPS. I want to know how to secure my VPS.
Is this a targeted attack? I see the attacker is trying to use my domain.com as the username.
Dec 28 06:55:34 vps xinetd[7523]: EXIT: ftp status=0 pid=26036 duration=6(sec)
Dec 28 06:55:36 vps xinetd[7523]: START: ftp pid=26038 from=::ffff:175.44.5.91
Dec 28 06:55:36 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:55:40 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [admin_com]
Dec 28 06:55:41 vps pure-ftpd: (?@175.44.5.91) [INFO] Logout.
Dec 28 06:55:41 vps xinetd[7523]: EXIT: ftp status=0 pid=26038 duration=5(sec)
Dec 28 06:55:41 vps xinetd[7523]: START: ftp pid=26040 from=::ffff:175.44.5.91
Dec 28 06:55:41 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:55:46 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [root_com]
Dec 28 06:55:46 vps pure-ftpd: (?@175.44.5.91) [INFO] Logout.
Dec 28 06:55:46 vps xinetd[7523]: EXIT: ftp status=0 pid=26040 duration=5(sec)
Dec 28 06:55:47 vps xinetd[7523]: START: ftp pid=26042 from=::ffff:175.44.5.91
Dec 28 06:55:47 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:55:52 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [www.domain.org]
Dec 28 06:55:52 vps pure-ftpd: (?@175.44.5.91) [INFO] Logout.
Dec 28 06:55:52 vps xinetd[7523]: EXIT: ftp status=0 pid=26042 duration=5(sec)
Dec 28 06:55:53 vps xinetd[7523]: START: ftp pid=26044 from=::ffff:175.44.5.91
Dec 28 06:55:53 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:55:58 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [domai,.com]
Dec 28 06:55:58 vps pure-ftpd: (?@175.44.5.91) [INFO] Logout.
Dec 28 06:55:58 vps xinetd[7523]: EXIT: ftp status=0 pid=26044 duration=5(sec)
Dec 28 06:56:00 vps xinetd[7523]: START: ftp pid=26047 from=::ffff:175.44.5.91
Dec 28 06:56:00 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:56:05 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [domainorg]
Dec 28 06:56:05 vps pure-ftpd: (?@175.44.5.91) [INFO] Logout.
Dec 28 06:56:05 vps xinetd[7523]: EXIT: ftp status=0 pid=26047 duration=5(sec)
Dec 28 06:56:16 vps xinetd[7523]: START: ftp pid=26049 from=::ffff:175.44.5.91
Dec 28 06:56:16 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:56:21 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [admin]
Dec 28 06:56:21 vps pure-ftpd: (?@175.44.5.91) [INFO] Logout.
Dec 28 06:56:21 vps xinetd[7523]: EXIT: ftp status=0 pid=26049 duration=5(sec)
Dec 28 06:56:22 vps xinetd[7523]: START: ftp pid=26051 from=::ffff:175.44.5.91
Dec 28 06:56:22 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:56:28 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [root]
Dec 28 06:56:28 vps pure-ftpd: (?@175.44.5.91) [INFO] Logout.
Dec 28 06:56:28 vps xinetd[7523]: EXIT: ftp status=0 pid=26051 duration=6(sec)
Dec 28 06:56:28 vps xinetd[7523]: START: ftp pid=26053 from=::ffff:175.44.5.91
Dec 28 06:56:28 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:56:35 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [domain_org]
Dec 28 06:56:35 vps pure-ftpd: (?@175.44.5.91) [INFO] Logout.
Dec 28 06:56:35 vps xinetd[7523]: EXIT: ftp status=0 pid=26053 duration=7(sec)
Dec 28 06:56:35 vps xinetd[7523]: START: ftp pid=26056 from=::ffff:175.44.5.91
Dec 28 06:56:35 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:56:39 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [admin_org]
Dec 28 06:56:39 vps pure-ftpd: (?@175.44.5.91) [INFO] Logout.
Dec 28 06:56:39 vps xinetd[7523]: EXIT: ftp status=0 pid=26056 duration=4(sec)
Dec 28 06:56:47 vps xinetd[7523]: START: ftp pid=26058 from=::ffff:175.44.5.91
Dec 28 06:56:47 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:56:51 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [root_org]
Dec 28 06:56:51 vps pure-ftpd: (?@175.44.5.91) [INFO] Logout.
Dec 28 06:56:51 vps xinetd[7523]: EXIT: ftp status=0 pid=26058 duration=4(sec)
Dec 28 06:56:51 vps xinetd[7523]: START: ftp pid=26060 from=::ffff:175.44.5.91
Dec 28 06:56:52 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:56:56 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [adomain_com]
Dec 28 06:56:57 vps pure-ftpd: (?@175.44.5.91) [INFO] Logout.
Dec 28 06:56:57 vps xinetd[7523]: EXIT: ftp status=0 pid=26060 duration=6(sec)
Dec 28 13:45:20 vps xinetd[7523]: Exiting...
I keep getting attacks from different IPs, not just the one listed in the log.
How do I change the default pure-ftpd port?
Does LxGuard protect FTP and SSH too, or only the admin login (http://1.2.3.4/7777)?
Why is the IPtables state always "stopped"? Even when I click start, it doesn't change.
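
An added example, not part of the original post: a small parser for pure-ftpd authentication-failure lines in the format shown above. It counts failures per source IP and lists the attempted usernames that contain the site's own name. The function name, the `domain_label` parameter and the threshold of 5 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample lines in the post's log format; the last line is constructed.
SAMPLE_LOG = """\
Dec 28 06:55:36 vps pure-ftpd: (?@175.44.5.91) [INFO] New connection from 175.44.5.91
Dec 28 06:55:40 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [admin_com]
Dec 28 06:55:46 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [root_com]
Dec 28 06:55:52 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [www.domain.org]
Dec 28 06:56:05 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [domainorg]
Dec 28 06:56:21 vps pure-ftpd: (?@175.44.5.91) [WARNING] Authentication failed for user [admin]
Dec 28 06:57:10 vps pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [backup]
"""

# Matches only the failed-login lines and captures source IP and username.
FAIL_RE = re.compile(
    r"pure-ftpd: \(\?@(?P<ip>[0-9a-fA-F.:]+)\) \[WARNING\] "
    r"Authentication failed for user \[(?P<user>[^\]]*)\]"
)


def summarize_failures(log_text, domain_label, threshold=5):
    """Group failed FTP logins by source IP.

    domain_label is the site's name without the TLD (assumed "domain" here).
    Usernames containing it show the guess list was built from the hostname.
    """
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            per_ip[m.group("ip")].append(m.group("user"))

    report = {}
    for ip, users in per_ip.items():
        derived = sorted({u for u in users if domain_label.lower() in u.lower()})
        report[ip] = {
            "failures": len(users),
            "distinct_users": len(set(users)),
            "domain_derived": derived,
            "over_threshold": len(users) >= threshold,
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize_failures(SAMPLE_LOG, "domain").items():
        print(ip, info)
```

Addresses reported with `over_threshold` set are the candidates for a firewall block or a rate-limiting rule.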