ANS Documentation

Improve This Doc
  • Cloud
  • Domains and DNS management
  • Backup and High Availability
  • eCommerce Stacks
  • Security
    • DDoSX®
    • Web Application Firewall
    • Threat Monitoring and Threat Response
      • General Information and FAQs
      • How does it work?
      • System Requirements
      • Getting Started
      • Installing on a UKFast hosted server
      • Installing on a non-UKFast hosted server
      • PCI DSS Compliance
      • Alerts and rulesets
      • Attack Ruleset
      • High Level Alerts Explained
      • Alert Remediation Tips
      • Common Attacks
      • Databases
      • Exploits
      • File Monitoring (FIM)
      • Malware
      • Service Specific Alerts
      • System
      • Windows
      • Scans and Reconnaissance
    • McAfee Antivirus
    • Vulnerability Scans
    • Keeping Magento secure
    • Keeping WordPress secure
    • Brute Force Attacks
    • CryptoLocker
    • Dirty COW
    • The Logjam attack
    • Meltdown and Spectre
    • Memcached security concerns and reflection/amplification DDoS attacks
    • Wana Decryptor / Wana Decrypt0r 2.0 / WannaCry
    • Log4J Vulnerability
    • Polkit Security Vulnerability CVE-2021-4034
    • CVE-2022-0847 - Dirty Pipe Vulnerability
  • Email
  • Monitoring and usage management
  • Networking
  • Operating systems
  • Webcelerator
  • MyUKFast
  • Home >
  • Security >
  • Threat Monitoring and Threat Response >
  • High Level Alerts Explained >
  • ProFTPD

ProFTPD¶

ProFTPD FTP brute force (multiple failed logins).¶

What does this rule tell me?¶

A brute force attack is one of the more common attacks used today. Its a generic term used when an attacker tries different username and password combinations. This kind of attack is most common on FTP and SSH servers. In this case, your FTP server may have experienced a brute force attack.

Brute Force attacks are usually based on dictionary attacks, where a list of common passwords is used. It can take a few minutes to try hundreds of password combinations.

Note

A false-positive can sometimes fire if a user has forgotten their login details and is repeatedly failing to log in. Please bear this in mind.

What program / service does this rule relate to?¶

FTP Server [File Transfer Protocol]

How can I fix this?¶

The easiest way to protect yourself from brute force attacks is to employ a strong password. A strong password may consist of 15 characters, upper-case, lower-case, symbols and numbers.

Restrict access to your login URL. Your login page may be publicly facing, if so, you may want to restrict it to an internal IP address range.

Does this mean I am being attacked?¶

In this situation, there is a high chance that your server is being targeted by a brute force attack. If the numbers are relatively low, this may not be the case and it might be that someone has forgotten their login credentials and is trying to regain access.

Next Article > McAfee Anti Virus

  • Useful Links
  • SMB
  • Enterprise
  • Channel
  • Public Sector
  • ANS Data Centres
  • About ANS
  • Careers
  • Blog
  • Get in touch
  •  
  • Sales 0800 458 4545
  • Support 0800 230 0032
  • Get in touch

© ANS Group Limited | Terms and Conditions | Corporate Guidance | Sitemap
ANS Group Limited, registered in England and Wales, company registration number 03176761, registered office 1 Archway, Birley Fields, Manchester M15 5QJ