FTP SERVER常會有一些無聊人士在嘗試登入,通常消極的做法就是加入黑名單,
想請問有沒有比較積極的做法? 寫信給ISP要求處理有用嗎? 還是說這樣的狀況可以報警處理?
[5] Thu 02Sep10 23:18:19 - (025625) Connected to 60.199.200.195 (Local address 192.168.1.10)
[5] Thu 02Sep10 23:18:19 - (025625) IP-Name: 60-199-200-195.STATIC.TFN.NET.TW
[5] Thu 02Sep10 23:18:19 - (025625) Too many times wrong password for user "AMMINISTRATORE" - disconnecting
[5] Thu 02Sep10 23:18:20 - (025625) Closing connection
[5] Thu 02Sep10 23:18:20 - (025626) Connected to 60.199.200.195 (Local address 192.168.1.10)
It is not from
無聊人士
, it is from hackers. It is a big serious business.
I would just disable ftpd, if it is not really important. You can still use sftp, which should be a little bit safer.
這應該常見,通常是用程式用 brute force 的方法嘗試登入 FTP sever。
比較高竿的,會用 socket sever 當跳板。
另外只是試著登入 FTP 失敗,好像沒有犯法。登入成功,用非其所允許的帳號登入,且有確切證據,這樣反而可以拿去當證據,找警察幫忙抓人。