proftpd attacks not being denied

I installed blockhosts on a centos server and configured the COUNT_THRESHOLD and the AGE_THRESHOLD but it is only catching the ssh attacks and not the proftpd. I'm new at this so please be patient!:)

I run SL4.4 (same deal as CentOS)

Hi,

I run Scientific Linux 4.4 which is the same as CentOS (both RHEL derivatives).

I use the proftpd RPM from rpmforge.

What I found is that if you run proftpd as a deamon (default config), then hosts.allow is not used at all.

What I needed to do is modify the proftpd.conf file to run through inetd, then configure /etc/xinetd.d/xproftpd to enable it's run, restart xinetd.

From there a cron, run every minute, of the /usr/bin/blockhosts.py file would make the necessary checks on /var/log/secure and update the hosts.allow file with the relevant information.

I personally didn't have time to figure out the tcp wrappers bit to allow automatic spawning from the hosts.allow file (I may spend time on that sometime) but for now the above works and that's my biggest concern.

Regards,

Michael.

I Run Mandriva 2007 - Same for me

I'm running Mandriva 2007 Linux, got the count threshold set and all available regexs uncommented. SSH is being caught no problem but nothing is caught for proftpd. The following is what shows up in my proftpd log files:

Feb 07 14:53:54 my.server.name proftpd[17086] servername (::ffff:211.67.177.81[::ffff:211.67.177.81]): no such user 'seller'
Feb 07 14:53:55 my.server.name proftpd[17086] servername (::ffff:211.67.177.81[::ffff:211.67.177.81]): Maximum login attempts (3) exceeded

This dude tried over 14000 times ! Never was flagged. I added it manually to stop the attempts.

Any help here ?!?!

Thanks,
Jon Breen