Block IP with OS X's FTP server after number of failures?
Sarah from my bbs.bdaqua.net posted this question and info...
"Every few days I get someone spamming my FTP server trying to log in with random names (stephen, steven, teo, stefany, Administrator, etc). Since it's different names (of accounts that don't exist of course), and different addresses attempting it, is there any way I can make it automatically block access from a certain IP after a few bad attempts in the same day?"
"All from very different IPs, possibly spoofed."
Any suggestions/help?
You need to configure
/etc/hosts.allow
and
/etc/hosts.deny
Putting this text into hosts.deny will block all logins on all services:
ALL:ALL
# file MUST include final lineending!
As you can see, the last line must contain a lineending or the file will be unparseable.
Then, you add text to hosts.allow to specifically allow certain IP addresses, hostnames or usernames:
ALL : localhost
ALL : 127.0.0.1
ALL : 192.168.
ALL : .qwest.net
sshd : .comcast.net
# RCN New York:
ftpd : 207.237.
Notice that the last line allows me to login to FTP from any IP address if my ISP is RCN New York. The first 3 lines allow me to login to all services from the localnet or Qwest.
As to your specific question, there are scripts you can run to examine the secure.log for repeated failures which then add the relevant lines to hosts.deny, but for the normal server that is a little drastic.
Similar Messages
-
Problem with downloading file from FTP server
Hello all
I have uploaded a file from an application i developed and i want to download this file from another application. The code is
public static void FTPcon() throws FtpException{
String hostname = "my.ftp.server";
String username = "myusername";
String password = "mypass";
Ftp ftp = new Ftp(hostname,username,password);
ftp.setHostname(hostname);
ftp.setUsername(username);
ftp.setPassword(password);
ftp.connect();
ftp.setBinary();
ftp.download("file.dat");
ftp.disconnect();
}The error i receive is java.io.FileNotFoundException: public.dat (The system cannot find the file specified) but the file is on the server.
Thanks in advance for any helpCotton thank you for your reply
Any other sugestions please?The server disagrees. So...
- the file does not existThe file exists.I checked it with an FTP client program.
- the file has a different nameThe file name is correct
- you are connected to the wrong serverI am connecting to the correct server
- you are in the wrong ftp directoryThe file is placed in the home directory
- the ftp library you are using is broken (less
likely)I am using the library from jscape.I dont think is broken because i can upload the file from the first application.
>
FTP isn't somehow broken in Java. I use it all the
time. The problem is something listed above. I would
check all of the first four if I were you because
that's most likely where the problem is.Message was edited by:
flightcaptain -
Problem with iMacs loading web pages slowly after a power failure
We have 3 intel Macs (2 iMacs and a MB) on our network.
Today we had a power failure, and now we are having problems with both iMacs loading some web pages slowly (in Safari and Firefox both). I have shutdown and restarted both iMacs to no avail. As you will notice, I have not experienced any problems with my MB probably because the battery never allowed it to shut down completely.
Can you give me any indication of what the problem is or how I can go about troubleshooting this further?
Thank you in advance.It does sound like it could be a WiFi issue. You can try rebooting your router and that might help. It just might your Internet connection or the router itself. If the router is bad, you can replace it. If its the Internet connection - you can only do what you ISP allows you to do.
-
How to set Lion built-in FTP Server auto run off
Hello all.
I set FTP Server by using Rumpus Server application.
But Lion's built-in FTP Server is running on the front.
So if I try to connect my FTP Server out of my LAN, I can only connect to the built-in FTP Server despite I wanted to connect Rumpus FTP Server.
It can be solved by unload the built-in FTP Server(using sudo -s launchctl unload...) but every after rebooting I should set it because it is set to run automatically in every booting.
How can I set the auto run off?well, the ftp server (=ftpd) takes account info from the user list for your mac. so, go to the system settings on your mac, then to users, and then just add another user with a password of your choice (tap on the little plus-sign to add a user!). this will then be a valid user for your ftp server after you restart your ftp server.
the other thing you want to do, about the home directory, is called chroot. you can set the home directory of a specific ftp-user to be another directory then the standard. for this, there are configuration directives in the configuration file in /private/etc/ftpd.conf which you have to edit by hand. so make sure what you do there.
you should read this before editing the file, this will give you a better understanding of what to put there: https://developer.apple.com/library/mac/documentation/darwin/reference/manpages/ man8/tnftpd.8.html -
Hi. I am an operator hoping soon to become an administrator. I have been asked to setup a secure FTP server in solaris 10. Could somebody possibly outline the basic stages of what needs to take place. I would be grateful for any info offered. Thanks
Hmm, do you want to setup an ordinary FTP server in a more secure maner, or do you want to use the Secure FTP server which is boundled with SSH?
The FTP server boundled with SSH is on by default, check the man page for sftp . -
One static IP can reach FTP server. Other static IP can't...
you are trying the same FTP client and the same user/password on both IP addresses?
Just thought i'd throw it out there, pick everyone's brain. Here is the base problem.
2 Static IP'sStatic IP #1 can't reach the FTP server, when you go to log in, either through IE or cmd it prompts for the un/pw and when you enter it in, it doesn't take, just cycles back and asks for the un/pw.. (yes, the un/pw is correct). Everything else works i.e. you can get to the internet and anything else. Just the FTP sever can't be accessed with static.
(This FTP server is a a remote FTP of a mutual customer)Static IP #2 is all good can access the FTP and its business as normal.We've TS with the support team for the FTP server and they claim all is good on their end. If static #1 can go everywhere else accept this FTP sever, then there has to be something on the FTP servers end, right? I feel like i may be missing something, thought i'd throw...
This topic first appeared in the Spiceworks Community -
I received an HP bulletin that recommends that I upgrade the P410 RAID card firmware, with a link to ftp server:
ftp://ftp.hp.com/pub/softlib2/software1/sc-linux-fw-array/p1997486963/v99175
I am unable to navigate to that server, have tried all operating systems available, FileZilla, all browsers I can get my hands on. No success. Replacing the ftp:// with htp:// gets a response : Access Denied.
Where can I (reliably) get this?Check your firewall settings.
As you can see in the following image, I had no problem connecting to the download when I used the link. Try Google Chrome under Windows OS.
****Please click on Accept As Solution if a suggestion solves your problem. It helps others facing the same problem to find a solution easily****
2015 Microsoft MVP - Windows Experience Consumer -
IPS 6.0 Supported FTP Server??
Hi,is it true that we can only use supported ftp servers that are documented in cisco for updating ips signatures or image?
###cisco ips 6.x document ####
The following FTP servers are supported for IPS software updates:
⢠WU-FTPD 2.6.2 (Linux)
⢠Solaris 2.8
⢠Sambar 6.0 (Windows 2000)
⢠Serv-U 5.0 (Windows 2000)
⢠MS IIS 5.0 (Windows 2000)
can we use ordinary ftp servers other than ftp servers listed above?? thanksWhen originally implemented the ftp auto update feature had several problems when using other ftp servers.
The implementation has changed over the past few years, and become more generalized.
So the listed FTP Servers are the ones "officially" tested and supported.
However, it should work with most other FTP servers as well.
I would recommend trying it with whatever FTP server you already have running. If it works then great; you are probably fine to keep using it.
If it doesn't work with your FTP server, then you can contact the TAC. If it turns out to be an incompatability between the sensor and your FTP server, then the issue would have to be entered as an enhancement request to get your FTP server supported rather than an actual bug.
We used to hear alot of incompatability problems with other FTP servers a few years ago.
But I haven't heard of any in the past 2 years.
If it is not working, then it is usually not a problem with the actual FTP server, but rather in how it was configured.
Here are a few examples of issues that are sometimes seen, and can be avoided with configuration of the FTP server.
Additional login messages can sometimes confuse the sensor (like warnings about who can access the box).
The FTP server has to be configured to use unix style directory listings instead of windows style.
Permissions on the files themselves can be a problem.
Renaming of the files after being pulled from cisco.com can cause problems, so keep the filenames exactly as seen on the cisco.com pages.
Keep directory names to letters and numbers to avoid parsing problems with the directory name. -
Upload File from oracle table to FTP server .
Hi Experts,
I have created one html region in Apex page. In this Region I have one item as File browse. On Click of File browse , select some file and say click Submit button then I m storing this file information in Table. Now My Requirement is to upload this file to FTP server after clicking the Submit button.
Thanks in Advance
DanalaxmiFor this you need the ftp package you can find on this page:
http://www.oracle-base.com/dba/DBACategories.php
George -
Java ftp server which can use LDAP, how to integrate with WLS' implementation of LDAP?
Howdy.
I'm setting up a java ftp server
(http://www.mycgiserver.com/~ranab/ftp/index.html) which is capable of using
LDAP for it's user security. I would like to integrate this ftp server with
wls' implementation of LDAP so I only have to admin one user list.
Does wls put it's user list in the LDAP or in it's own proprietary setup? I
tried playing around with it, but the users don't seem to appear in the JNDI
tree. Is this where the LDAP stuff is located? I thought it was in there?
If it's in it's own setup, is there a way to propagate the users to LDAP?
If these look like newbie Q&A, I guess they kind of are, I'm new to LDAP.
Thanks for any input you might have.Peter,
If you are talking about using the embedded LDAP server in WLS 7.0 for this purpose
I think you are going done the wrong path.
Look at the following URL on how to use an external LDAP server for your custom
application
http://e-docs.bea.com/wls/docs70/secmanage/realm.html#1172008
Chuck Nelson
DRE
BEA Technical Support -
How to configure sync with my local ftp server?
I have used XMarks since now because it hallow me to synchronize my bookmarks with my local server. Now XMarks don't work anymore because it's not more possible to synchronize the passwords.
Any other alternative imposes to use an external server and I don't want to use an external server. My data must remain on my machine it's absolutely excluded that i use an external unknown server for this.
The only solution must be a free solution (a real free solution) and the firefox synchronization seems to me the best/only one.
But I've not found how to configure it to use my own server.
So how to do it, where are the options to the synchronizer to give my own ftp server or whatever other server it needs?iAS 6.0 sp4 officially does only support iPlanet Directory Server 5.0 sp1 and 4.13.
For more details visit: http://docs.iplanet.com/docs/manuals/ias/60/sp4/ig/prep.htm#42084
I guess, you can specify the directory server during the time of installation.
Thanks,
Rakesh. -
Can not connect to Cerberus FTP Server with PASV
I setup a FTP Server and i can connect from the inside fine but from the outside i can not connect in passive mode. I can in regular ftp or ssh.
Here is the log from filezilla
Status: Resolving address of domain.com
Status: Connecting to ExternalIP:990...
Status: Connection established, initializing TLS...
Status: Verifying certificate...
Status: TLS/SSL connection established, waiting for welcome message...
Response: 220-220-Welcome to Cerberus FTP Server
Response: 220 220 Created by Cerberus, LLC
Command: USER test
Response: 331 User test, password please
Command: PASS ***********
Response: 230 Password Ok, User logged in
Command: CLNT FileZilla
Response: 200 Command okay
Command: OPTS UTF8 ON
Response: 220 UTF8 support on
Command: PBSZ 0
Response: 200 PBSZ=0
Command: PROT P
Response: 200 PROT P OK, data channel will be secured
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type Binary
Command: PASV
Response: 227 Entering Passive Mode (external IP,195,83)
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing
Result of the command: "show running-config"
: Saved
ASA Version 8.0(4)
interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.10 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group att
ip address pppoe setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service FTP_PASV_Ports tcp
description Passive Ports
port-object range 35000 35999
object-group service FTPS tcp
description FTPS
port-object eq 990
access-list outside_access_in extended permit tcp any any object-group RDP
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any any eq ftp
access-list outside_access_in extended permit tcp any any eq telnet
access-list outside_access_in extended permit tcp any any eq smtp
access-list outside_access_in extended permit tcp any any eq www
access-list outside_access_in extended permit tcp any any eq pop3
access-list outside_access_in extended permit tcp any any eq https
access-list outside_access_in remark passive FTP port range
access-list outside_access_in extended permit tcp any host server object-group FTP_PASV_Ports
access-list outside_access_in extended permit tcp any any eq ssh
access-list outside_access_in extended permit tcp any any object-group FTPS
access-list outside_access_in extended permit tcp any any eq ftp-data
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1492
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www server www netmask 255.255.255.255
static (inside,outside) tcp interface https server https netmask 255.255.255.255
static (inside,outside) tcp interface smtp server smtp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 server 3389 netmask 255.255.255.255
static (inside,outside) tcp interface pop3 server pop3 netmask 255.255.255.255
static (inside,outside) tcp interface ftp server ftp netmask 255.255.255.255
static (inside,outside) tcp interface ssh server ssh netmask 255.255.255.255
static (inside,outside) tcp interface 990 server 990 netmask 255.255.255.255
static (inside,outside) tcp interface ftp-data server ftp-data netmask 255.255.255.255
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
vpdn group att request dialout pppoe
vpdn group att localname @static.sbcglobal.net
vpdn group att ppp authentication pap
vpdn username @static.sbcglobal.net password *********
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password rcuFiQnIXLd encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:ecb5356a2f5e680b
: end
I am programing the router with ASDM so if you could tell me what i need to do from the GUI to fix this.Dan,
Looking at the output,
Status: Resolving address of domain.com
Status: Connecting to ExternalIP:990...
Status: Connection established, initializing TLS...
Status: Verifying certificate...
Status: TLS/SSL connection established, waiting for welcome message...
This looks like FTPS which is not supported on the ASA. You can workaround it by trying to connect using Active mode from the outside instead of PSV.
You can find more info here:
https://supportforums.cisco.com/docs/DOC-23206
Mike -
Hi, since this morning i receive this message on my Mac Air (10.8.5) when i open iCal (which is synced through iCloud): "The server responded with an error. The server is currently unreachable or the connection was blocked". You know what it can be?
Thanks for your help!Are you behind a firewall at work or elsewhere? Does you calendar sync with some other system like google (could be the google server is not responding)? All we know from the message is that your mac cannot reach the server. Maybe try later. Are you using wifi or have an ethernet connection to the router?
-
In FTP server same file name with multiple vesions
Hi All,
My source system is UNIX. in that FTP server they have multiple files with same name example " abc.dat"; with different versions example"abc.dat;43" "abc.dat;44", "abc.dat;45". . so how to read latest version file like "abc.dat;45" from sender communication channel with file adapter.
suggestions please..Thanks in advance.
Edited by: venkataraonandigam on Jul 15, 2011 3:12 PMHi VenkatRao,
Sender file adapter configuration has an option "Processing Sequence". In the that select by"Date" or Name .
If you used placeholders when specifying the file name, define the processing sequence of the files:
○ By Name: Files are processed alphabetically by file name.
○ By Date: Files are processed according to their time stamp in the file system, starting with the oldest file.
Otherwise you have to write shellscrit to move the latest version file to a different folder and pick it up from that folder.
Or
write adapter module. -
Picking files from FTP server with dynamic Filename.
Hello Experts,
I want to pick some files from a FTP server in a File to Idoc scenario. The files in the Ftp Server are created with the filenames as timestamp of the file when it was created. How do I pick up these files?
Thanks,
MerrillyHi,
The above masking concept (*.txt, . etc) will be applicable for the files with NFS only,
See the below link to apply it
/people/mickael.huchet/blog/2006/09/18/xipi-how-to-exclude-files-in-a-sender-file-adapter
The below link will help you to build up the adapter module to read the dynamic file name
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/da5675d1-0301-0010-9584-f6cb18c04805
This could be applicable for FTP ...
Thanks
Swarup
Maybe you are looking for
-
Text Box in DOCUMENTS Tab when creating a Contract
Hi I'm using SRM 5 , when creating a Contract(GOA), the minute you select the Documents Tab , the text box for internal note is already open, and it fills up the top portion of the screen. This does not allow you to save( or to put your contract eith
-
This is the best method to install a new version of Studio!
Do it cleanly. By this I mean create a new fresh startup disk for the install of Studio. Whether for Studio 1 ,2 or 3, trust me. this method will get you to a really stable FCS system. 1. Backup everything you want to keep if you're using the same dr
-
Why won't my microsoft bluetooth notebook mouse 5000 not stayed connected
This mouse has been working. When I close the notebook it loses connection. I have checked batteries, discoverability, etc. I have even restarted computer. What is with this Microsoft Bluebooth notebook mouse 5000? I use a Mac Pro. Thanks for yo
-
I have purchased 2 programs from handango that are intended for the blackberry pearl. As I tried to install them I am told that I need 2.7 mb memory but only have 500 kb. I have not added anything to my unit. Please advise. rpr Solved! Go to Solut
-
Mountain Lion vs. Itunes.
Finally got my Imac to start and now Itunes won't run. Can you help me there?