how easy was that!

While trailing the log files this messages showed up:


Jan 12 16:49:13 andreaswacker vsftpd(pam_unix)[20094]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=74.141.98.100

turns out some bot/script etc from 74.141.98.100 was trying to find an ftp user with a stupid name. Would have had no luck, but I don’t like my log files to be cluttered. So it turned out that a simple


iptables -I INPUT -s 74.141.98.100 -j DROP

blocks that IP address from now on. Nice. I think I will use that often now. There are lots of misconfigured systems out there. Like that Windows 98 computer in the philipines downloading the same file 5000 times yesterday. Thank you iptables.

Leave a Reply

You must be logged in to post a comment.