TechSpot

Home Server Security

By AudioVayne
Jan 19, 2010
  1. I've set up my own FTP server to share files with family over the net, access files I might need from home etc. I've just looked at my logfile and I'm curious if someone's trying to hack my server.

    Is there anything I can do to help prevent people hacking my server?

    Cheers for your help


    Copied from Logfile: - the 15th of this month onwards. The same sorta entries have been going on since the 22-Dec-09. But I get the feeling I won't need to copy n paste that much.


    [2010-01-15 00:55:53]:COMMAND [ 1] - USER webmaster
    [2010-01-15 00:55:53]: REPLY [ 1] - 331 User webmaster, password please

    [2010-01-15 00:55:53]:COMMAND [ 1] - USER webmaster
    [2010-01-15 00:55:53]: REPLY [ 1] - 331 User webmaster, password please

    [2010-01-15 00:55:54]:COMMAND [ 1] - USER webmaster
    [2010-01-15 00:55:54]: REPLY [ 1] - 331 User webmaster, password please

    [2010-01-15 00:55:54]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:55:58]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:55:58]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:02]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:02]:COMMAND [ 1] - USER webmaster
    [2010-01-15 00:56:02]: REPLY [ 1] - 331 User webmaster, password please

    [2010-01-15 00:56:02]:COMMAND [ 1] - USER user
    [2010-01-15 00:56:02]: REPLY [ 1] - 331 User user, password please

    [2010-01-15 00:56:03]:COMMAND [ 1] - USER user
    [2010-01-15 00:56:03]: REPLY [ 1] - 331 User user, password please

    [2010-01-15 00:56:03]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:07]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:07]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:11]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:11]:COMMAND [ 1] - USER user
    [2010-01-15 00:56:11]: REPLY [ 1] - 331 User user, password please

    [2010-01-15 00:56:12]:COMMAND [ 1] - USER user
    [2010-01-15 00:56:12]: REPLY [ 1] - 331 User user, password please

    [2010-01-15 00:56:12]:COMMAND [ 1] - USER user
    [2010-01-15 00:56:12]: REPLY [ 1] - 331 User user, password please

    [2010-01-15 00:56:12]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:16]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:16]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:20]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:20]:COMMAND [ 1] - USER user
    [2010-01-15 00:56:20]: REPLY [ 1] - 331 User user, password please

    [2010-01-15 00:56:20]:COMMAND [ 1] - USER user
    [2010-01-15 00:56:20]: REPLY [ 1] - 331 User user, password please

    [2010-01-15 00:56:21]:COMMAND [ 1] - USER user
    [2010-01-15 00:56:21]: REPLY [ 1] - 331 User user, password please

    [2010-01-15 00:56:21]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:25]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:25]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:29]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:29]:COMMAND [ 1] - USER user
    [2010-01-15 00:56:29]: REPLY [ 1] - 331 User user, password please

    [2010-01-15 00:56:29]:COMMAND [ 1] - USER root
    [2010-01-15 00:56:29]: REPLY [ 1] - 331 User root, password please

    [2010-01-15 00:56:30]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:34]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:34]:COMMAND [ 1] - USER root
    [2010-01-15 00:56:34]: REPLY [ 1] - 331 User root, password please

    [2010-01-15 00:56:34]:COMMAND [ 1] - USER root
    [2010-01-15 00:56:34]: REPLY [ 1] - 331 User root, password please

    [2010-01-15 00:56:34]:COMMAND [ 1] - USER root
    [2010-01-15 00:56:34]: REPLY [ 1] - 331 User root, password please

    [2010-01-15 00:56:35]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:39]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:39]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:43]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:43]:COMMAND [ 1] - USER root
    [2010-01-15 00:56:43]: REPLY [ 1] - 331 User root, password please

    [2010-01-15 00:56:43]:COMMAND [ 1] - USER root
    [2010-01-15 00:56:43]: REPLY [ 1] - 331 User root, password please

    [2010-01-15 00:56:43]:COMMAND [ 1] - USER root
    [2010-01-15 00:56:43]: REPLY [ 1] - 331 User root, password please

    [2010-01-15 00:56:44]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:48]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:48]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:52]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:52]:COMMAND [ 1] - USER root
    [2010-01-15 00:56:52]: REPLY [ 1] - 331 User root, password please

    [2010-01-15 00:56:52]:COMMAND [ 1] - USER root
    [2010-01-15 00:56:52]: REPLY [ 1] - 331 User root, password please

    [2010-01-15 00:56:52]:COMMAND [ 1] - USER root
    [2010-01-15 00:56:52]: REPLY [ 1] - 331 User root, password please

    [2010-01-15 00:56:52]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:56:56]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

    [2010-01-15 00:56:56]:COMMAND [ 1] - PASS ***********
    [2010-01-15 00:57:00]: ERROR [ 1] - Unable to send data
    [2010-01-15 00:57:00]: WARN [ 1] - Closing connection: An established connection was aborted by the software in your host machine.

    [2010-01-15 00:57:00]:CONNECT [ 1] - Connection Terminated
    [2010-01-15 20:36:03]: SYSTEM [Server] - WAN IP detected as 60.234.143.178
    [2010-01-16 05:37:45]:CONNECT [ 2] - Incoming connection request on interface 192.168.2.20
    [2010-01-16 05:37:45]:CONNECT [ 2] - Connection request accepted from 125.211.216.232
    [2010-01-16 05:37:45]: ERROR [ 2] - Unable to send welcome message
    [2010-01-16 05:37:45]:SUGGEST [ 2] - Check that a firewall is not blocking connections
    [2010-01-16 05:37:45]: ERROR [ 2] - Error: Unable to send Welcome message - Terminating connection
    [2010-01-16 05:37:45]:CONNECT [ 2] - Connection Terminated
    [2010-01-16 20:06:05]: SYSTEM [Server] - WAN IP detected as 60.234.143.178
    [2010-01-17 02:45:17]:CONNECT [ 3] - Incoming connection request on interface 192.168.2.20
    [2010-01-17 02:45:17]:CONNECT [ 3] - Connection request accepted from 203.251.81.197
    [2010-01-17 02:45:21]: SYSTEM [ 3] - The client closed the connection
    [2010-01-17 02:45:21]:CONNECT [ 3] - Connection Terminated
    [2010-01-17 05:03:25]:CONNECT [ 4] - Incoming connection request on interface 192.168.2.20
    [2010-01-17 05:03:25]:CONNECT [ 4] - Connection request accepted from 203.251.81.197
    [2010-01-17 05:03:28]: SYSTEM [ 4] - The client closed the connection
    [2010-01-17 05:03:28]:CONNECT [ 4] - Connection Terminated
    [2010-01-17 19:36:07]: SYSTEM [Server] - WAN IP detected as 60.234.143.178
    [2010-01-18 19:06:12]: SYSTEM [Server] - WAN IP detected as 60.234.143.178
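
An added example, not part of the original post and not code from the FTP server's vendor: a small parser for the log format shown above that groups entries by connection id and flags connections with repeated `530` replies or several different usernames. The sample log is constructed (documentation-range addresses, a made-up `family` account and `230` reply), and the thresholds are assumptions.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^\[[^\]]+\]:\s*(?P<kind>\w+)\s*\[\s*(?P<sid>[^\]]+?)\s*\] - (?P<msg>.*)$")

# Constructed sample in the log format from the post; addresses and the
# "family" account are placeholders, not values taken from the thread.
SAMPLE_LOG = """
[2010-01-15 00:55:50]:CONNECT [ 1] - Connection request accepted from 203.0.113.7
[2010-01-15 00:55:53]:COMMAND [ 1] - USER webmaster
[2010-01-15 00:55:54]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:55:58]: REPLY [ 1] - 530 Not logged in. Username/password incorrect
[2010-01-15 00:56:02]:COMMAND [ 1] - USER user
[2010-01-15 00:56:03]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:07]: REPLY [ 1] - 530 Not logged in. Username/password incorrect
[2010-01-15 00:56:29]:COMMAND [ 1] - USER root
[2010-01-15 00:56:30]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:34]: REPLY [ 1] - 530 Not logged in. Username/password incorrect
[2010-01-17 02:45:17]:CONNECT [ 2] - Connection request accepted from 198.51.100.20
[2010-01-17 02:45:18]:COMMAND [ 2] - USER family
[2010-01-17 02:45:19]:COMMAND [ 2] - PASS ***********
[2010-01-17 02:45:19]: REPLY [ 2] - 230 User logged in
"""

def summarize(log_text):
    """Group lines by connection id: source IP, usernames tried, 530 replies."""
    sessions = defaultdict(lambda: {"ip": None, "users": [], "failures": 0})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        s, msg = sessions[m["sid"]], m["msg"]
        if m["kind"] == "CONNECT" and "accepted from" in msg:
            s["ip"] = msg.rsplit(" ", 1)[-1]
        elif m["kind"] == "COMMAND" and msg.startswith("USER "):
            if msg[5:].strip() not in s["users"]:
                s["users"].append(msg[5:].strip())
        elif m["kind"] == "REPLY" and msg.startswith("530"):
            s["failures"] += 1  # 530 = login rejected
    return dict(sessions)

def flag_guessing(sessions, max_failures=3, max_users=2):
    """Return (ip, failures, users) for connections that look like password guessing."""
    return [(s["ip"], s["failures"], s["users"]) for s in sessions.values()
            if s["failures"] >= max_failures or len(s["users"]) > max_users]

if __name__ == "__main__":
    for ip, fails, users in flag_guessing(summarize(SAMPLE_LOG)):
        print(f"{ip}: {fails} failed logins, usernames tried: {', '.join(users)}")
```

Connection ids can repeat after a server restart, so run this over one server session's log at a time.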
     
  2. LNCPapa

    LNCPapa TS Special Forces Posts: 4,206   +424

    The easiest thing you can do if this is a *nix based server is change it to SFTP. This will cause your family to have to change their connection settings, but this will prevent sending of unencrypted passwords. This will also encrypt your payloads, but will cause more overhead on your server. You can also edit your firewall rules to only allow specific IPs or IP ranges to connect.
     
  3. Aximilator

    Aximilator TS Rookie Posts: 63

    Set up a good firewall and set the server to only allow sharing with LAN.
     
  4. jobeard

    jobeard TS Ambassador Posts: 9,310   +617

    good suggestion :)

    if your router is at 192.168.1.1, then the rules would be
    allow tcp in/out src=192.168.1.1-192.168.1.250 dst=192.168.1.1-192.168.1.250 ports 20,21

    only systems connected to the lan can then get to the ftp server and you don't need encryption at all :)
     
  5. AudioVayne

    AudioVayne TS Rookie Topic Starter Posts: 99

    It's Windows XP based. I'd prefer to have it up on the net though so my family can still access it over the net.

    I presume SFTP is similar to SHTTP in the sense of security? Is there a way to set that up on an XP based server?
     
  6. jobeard

    jobeard TS Ambassador Posts: 9,310   +617

    Google for SSH; it provides FTP and encrypts both login and data transfers
     
  7. AudioVayne

    AudioVayne TS Rookie Topic Starter Posts: 99

    Can it be accessed through your web browser as usual or do you have to use Putty?
     
  8. jobeard

    jobeard TS Ambassador Posts: 9,310   +617

    PuTTY & SSH are similar but use a command prompt to send login and GET/PUT requests.

    If you wish the users to access via a browser, then you need HTTPS configuration for your webserver.

    Which server are you using (IIS, Apache2, or other)? Each uses port 443 and encryption,
    but all users will need login IDs on your system with passwords.

    The issue for HTTPS will be the SSL need for a certificate, and there is doc on the web on
    creating a Self-Sign Certificate.
     
  9. AudioVayne

    AudioVayne TS Rookie Topic Starter Posts: 99

    I'm using a program called Cerberus for my server. If I switch to HTTPS do I need to build a website as well? And would file transfers still be easy to manage?
     
  10. jobeard

    jobeard TS Ambassador Posts: 9,310   +617

    HTTPS is a protocol for all webservers, not another kind of product --
    usually it's easily configured; sometimes it's an add-on.

    Even if you installed a new server, the existing content could still be used.
     