thwarting repeated login attempts
david at skytrackercanada.com
Fri Jan 26 22:52:18 UTC 2007
> > I have installed denyhosts from the ports to stop ssh attacks, but
> > I have discovered a vulnerability, that is new to me. Denyhosts
> > does not seem to notice FTP login attempts, so the cracker can
> > attempt to login via FTP, 1000's of times until he finds a
> > login/password combination.
> We refuse to run ftp because it's nearly impossible to secure.
so that's what I have decided - and went with sftp exclusively.
More information about the freebsd-questions