I don't have FTP open, but use SFTP, which uses an encrypted link (FTP
over SSH). FTP sends usernames and passwords unencrypted, so it's not
super safe. On SSH, I was getting thousands of failed logins a day. I now
run sshblack (http://www.pettingers.org/code/sshblack.html ) and have it
block IP addresses with multiple failed ssh logins and obvious attempts to
break in to the system (a URL in the httpd log that includes MSOffice, or
../../../, or similar stuff). If I see a bunch of suspicious stuff in my
daily log review, I add it to the "reasons" for ssh to block that IP. Now
I get maybe 5 or 6 different failed logins a day. After three tries,
they're blocked.

Harold


-- 
FCC Rules Updated Daily at http://www.hallikainen.com - Advertising
opportunities available!
-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist