ACZoom  ·  Archive-2016

Hi,
If anyone would like to secure his/her Pure-FTPd server with blockhosts.py here are some clues.

My Pure-FTPd is configured to use its own log file.

--------

The first thing to do is to configure pure-ftpd to run as a tcp-wrappers process (on Fedora system it is Xinetd). To do this create a file /etc/xinetd.d/pure-ftpd. It can look like this:
*********************

service ftp
{
disable = no
socket_type = stream
protocol = tcp
instances = 20
wait = no
user = root
server = /usr/local/sbin/pure-ftpd
server_args = -4 -a500 -c10 -d -E -fftp -H -I3 -lpuredb:/etc
/pureftpd.pdb -L2000:8 -m4 -U133:022 -u100 -w -x -X -Oclf:/var/log/pureftpd.log
-j -n1000:10000 -k95 -Z
per_source = 2
banner_fail = /etc/pure-ftpd/banner.f
banner = /etc/pure-ftpd/banner

nice = 10
}

****************************
!NOTICE: server-args can be whatever you want, but cannot contain option for standalone mode, and option for max connection per IP doesn't work, that can be done by per_source paramater.

Now the regular expression for blockhosts.cfg:

"PureFTPD-Fail": re.compile(r"""pure-ftpd: \(\?\@(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\) \[WARNING\] Authentication failed"""),


Ofcourse you have to add path to your ftp log file to blockhosts.cfg and add pure-ftpd service to hosts.allow where the blockhosts.py script is called

[Edited: 18 Feb 2006 - added web page escapes to make the <host> word show up on the regex above. [aczoom webadmin]]