[TUT] How to prevent server flooding!

Any off topic discussions should go in this forum. Post count is not increased by posting here.
FTP Access status is required to post in this forum. Find out how to get it
compact-mac
Donator
Posts: 560
Joined: Tue Jun 19, 2007 5:55 pm
Location: /bin/bash


Post by compact-mac »

Step 1: Find the account that they try to log in as:

Code:

(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> 220-FileZilla Server version 0.9.23 beta
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> 220-Old-Computer FTP
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> 220-Max 5 Users, max 2 connections per IP.
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> 220-No Leeching. Lots of leeching = ban.
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> 220 No Anonymous Logins!
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> USER Administrator
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> 331 Password required for administrator
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> USER Administrator
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> 331 Password required for administrator
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> USER Administrator
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> 331 Password required for administrator
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> USER Administrator
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> 331 Password required for administrator
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> USER Administrator
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> 331 Password required for administrator
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> PASS 
(000141) 07/08/2007 22:10:16 - (not logged in) (80.227.47.86)> 530 Login or password incorrect!
(000141) 07/08/2007 22:10:17 - (not logged in) (80.227.47.86)> PASS 
(000141) 07/08/2007 22:10:17 - (not logged in) (80.227.47.86)> 530 Login or password incorrect!
(000141) 07/08/2007 22:10:17 - (not logged in) (80.227.47.86)> PASS 
(000141) 07/08/2007 22:10:17 - (not logged in) (80.227.47.86)> 530 Login or password incorrect!
(000141) 07/08/2007 22:10:19 - (not logged in) (80.227.47.86)> PASS 
(000141) 07/08/2007 22:10:19 - (not logged in) (80.227.47.86)> 530 Login or password incorrect!
(000141) 07/08/2007 22:10:22 - (not logged in) (80.227.47.86)> PASS 
(000141) 07/08/2007 22:10:22 - (not logged in) (80.227.47.86)> 421 Temporarily banned for too many failed login attempts
(000141) 07/08/2007 22:10:22 - (not logged in) (80.227.47.86)> disconnected.

Step 2: (no, don't ban them) Create that account

Step 3: Make them a folder and give them read-only access

Step 4: Make a file and name it something fun like "MY PASSWORD.rtf" or "ADMIN NOTICE" or something (must be RTF)

Step 5: Type the following into the file (size 74):
me wrote: IF YOU CAN READ THIS YOU ARE GAY
Step 6: Save all and wait until they log in... they go cool I am admin... oh look... a nice file... BAM you have them. (or just be a script kiddie and use a virus lol)
CM's Old Website
Post Tenebras Spero Lucem
Forget DNS/HTTPS or DNS/TLS, the future is DNS over Avian.
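
One way to do Step 1 across a whole log file, as an added example that is not part of the original post: a small Python parser for lines in the layout of the excerpt above that tallies, per client IP, the usernames tried, the 530 failures and any 421 auto-ban. The sample lines are constructed (documentation IP ranges) and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Layout from the post's excerpt: (session) date time - (login state) (client IP)> text
LINE_RE = re.compile(r"^\(\d+\) \S+ \S+ - .*? \((?P<ip>[0-9A-Fa-f.:]+)\)> (?P<msg>.*)$")

# Constructed sample in the same layout; the addresses are documentation ranges.
SAMPLE_LOG = """\
(000201) 07/08/2007 22:10:16 - (not logged in) (192.0.2.10)> USER Administrator
(000201) 07/08/2007 22:10:16 - (not logged in) (192.0.2.10)> PASS
(000201) 07/08/2007 22:10:16 - (not logged in) (192.0.2.10)> 530 Login or password incorrect!
(000201) 07/08/2007 22:10:17 - (not logged in) (192.0.2.10)> USER Administrator
(000201) 07/08/2007 22:10:17 - (not logged in) (192.0.2.10)> PASS
(000201) 07/08/2007 22:10:17 - (not logged in) (192.0.2.10)> 421 Temporarily banned for too many failed login attempts
(000202) 07/08/2007 22:11:02 - (not logged in) (198.51.100.7)> USER backup
(000202) 07/08/2007 22:11:02 - (not logged in) (198.51.100.7)> PASS
(000202) 07/08/2007 22:11:03 - (not logged in) (198.51.100.7)> 530 Login or password incorrect!
""".splitlines()


def summarize(lines):
    """Per client IP: usernames tried, 530 failures, and whether a 421 ban was logged."""
    clients = defaultdict(lambda: {"users": Counter(), "failed": 0, "banned": False})
    for line in lines:
        m = LINE_RE.match(line.rstrip())
        if not m:
            continue  # not a log record in the expected layout
        entry, msg = clients[m["ip"]], m["msg"].strip()
        if msg.upper().startswith("USER "):
            # Lower-cased so "Administrator" and "administrator" count as one target.
            entry["users"][msg[5:].strip().lower()] += 1
        elif msg.startswith("530 "):
            entry["failed"] += 1
        elif msg.startswith("421 ") and "banned" in msg.lower():
            entry["banned"] = True  # the attempt that trips the ban gets 421, not 530
    return dict(clients)


def targeted_accounts(summary):
    """Account names being tried across all clients, most frequent first."""
    total = Counter()
    for entry in summary.values():
        total.update(entry["users"])
    return total.most_common()


if __name__ == "__main__":
    print(targeted_accounts(summarize(SAMPLE_LOG)))
```

Because the attempt that triggers the ban is answered with 421 rather than 530, counting 530 replies alone undercounts failed logins by one per banned client.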

RentedMule
Donator
Posts: 937
Joined: Tue Oct 17, 2006 8:26 pm

Post by RentedMule »

I simply throttle their transfer speed to something like .01kps

Andy
Administrator
Posts: 12623
Joined: Fri Aug 18, 2006 11:47 am
Location: United Kingdom

Post by Andy »

RentedMule wrote: I simply throttle their transfer speed to something like .01kps
I just ignore them. They can't get into an account that doesn't exist and auto ban takes care of them in a few seconds because 10 tries is all you get for 12 hours.

RentedMule
Donator
Posts: 937
Joined: Tue Oct 17, 2006 8:26 pm

Post by RentedMule »

The issue comes along when they have handfuls of IP addresses and autoproxy jumping with them. If it takes them 16 minutes to download 1k, then their rerouters won't catch it as a blatant ban and they won't jump to using another IP.

Same idea as a Honeypot

http://en.wikipedia.org/wiki/Honeypot_%28computing%29
