How to Only permit specific users FTP Login

[chep]

Hello,

I have some hackers trying to get in through FTP login. They normally use users who do not exist. The FTP usernames we have are unique and would be very difficult to even guess the username let alone the corresponding password.

Anyway - I see people trying to get in via FTP with 'root' , 'postres', 'mysql' , etc.

I have used IPTables to block all SSH connections except from my IP or the console. That seems to be working wonders. What I would like to do is not the same though. I would like to block out all FTP connections except from the two usernames which I have in mind. How can I achieve this?

Thank you,
Chep

[Dapper Dan]

It's probably a bot trying your ftp port/server with different names and passwords. Ftp uses port 21 as the default. Is that the port you are presently using? You can set ftp up under another port number than the one "they" are attempting to enter by. This is not a total security solution but is one of several things you can do to make it harder for them. You can change ports by editing your ftp server config file in most cases. I use proftpd so the file I'd edit would be /etc/proftpd/proftpd.conf. Be sure to restart your ftp server after making the changes.

[ahamedoaa]

Hi,

if you are using vsftpd deamon the access to specific users can be restricted through /etc/vsftpd/ftpusers - the file consist of users whose ftp access is not allowed

/etc/vsftpd/ftpuser

# Users that are not allowed to login via ftp
#root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

[ccolumbu]

If you install pam_pwdfile, you can create a separate "ftp users" password file and yo don't have to add the users to your /etc/passwd file at all. Then you can jail them into their own home directory as well with the chroot_list file.