Home Server Security

Status
Not open for further replies.

AudioVayne

I've set up my own FTP server to share files with family over the net, access files I might need from home etc. I've just looked at my logfile and I'm curious if someone's trying to hack my server.

Is there anything I can do to help prevent people hacking my server?

Cheers for your help


Copied from Logfile: - the 15th of this month onwards. The same sorta entries have been going on since the 22-Dec-09. But I get the feeling I won't need to copy n paste that much.


[2010-01-15 00:55:53]:COMMAND [ 1] - USER webmaster
[2010-01-15 00:55:53]: REPLY [ 1] - 331 User webmaster, password please

[2010-01-15 00:55:53]:COMMAND [ 1] - USER webmaster
[2010-01-15 00:55:53]: REPLY [ 1] - 331 User webmaster, password please

[2010-01-15 00:55:54]:COMMAND [ 1] - USER webmaster
[2010-01-15 00:55:54]: REPLY [ 1] - 331 User webmaster, password please

[2010-01-15 00:55:54]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:55:58]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:55:58]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:02]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:02]:COMMAND [ 1] - USER webmaster
[2010-01-15 00:56:02]: REPLY [ 1] - 331 User webmaster, password please

[2010-01-15 00:56:02]:COMMAND [ 1] - USER user
[2010-01-15 00:56:02]: REPLY [ 1] - 331 User user, password please

[2010-01-15 00:56:03]:COMMAND [ 1] - USER user
[2010-01-15 00:56:03]: REPLY [ 1] - 331 User user, password please

[2010-01-15 00:56:03]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:07]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:07]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:11]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:11]:COMMAND [ 1] - USER user
[2010-01-15 00:56:11]: REPLY [ 1] - 331 User user, password please

[2010-01-15 00:56:12]:COMMAND [ 1] - USER user
[2010-01-15 00:56:12]: REPLY [ 1] - 331 User user, password please

[2010-01-15 00:56:12]:COMMAND [ 1] - USER user
[2010-01-15 00:56:12]: REPLY [ 1] - 331 User user, password please

[2010-01-15 00:56:12]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:16]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:16]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:20]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:20]:COMMAND [ 1] - USER user
[2010-01-15 00:56:20]: REPLY [ 1] - 331 User user, password please

[2010-01-15 00:56:20]:COMMAND [ 1] - USER user
[2010-01-15 00:56:20]: REPLY [ 1] - 331 User user, password please

[2010-01-15 00:56:21]:COMMAND [ 1] - USER user
[2010-01-15 00:56:21]: REPLY [ 1] - 331 User user, password please

[2010-01-15 00:56:21]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:25]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:25]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:29]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:29]:COMMAND [ 1] - USER user
[2010-01-15 00:56:29]: REPLY [ 1] - 331 User user, password please

[2010-01-15 00:56:29]:COMMAND [ 1] - USER root
[2010-01-15 00:56:29]: REPLY [ 1] - 331 User root, password please

[2010-01-15 00:56:30]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:34]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:34]:COMMAND [ 1] - USER root
[2010-01-15 00:56:34]: REPLY [ 1] - 331 User root, password please

[2010-01-15 00:56:34]:COMMAND [ 1] - USER root
[2010-01-15 00:56:34]: REPLY [ 1] - 331 User root, password please

[2010-01-15 00:56:34]:COMMAND [ 1] - USER root
[2010-01-15 00:56:34]: REPLY [ 1] - 331 User root, password please

[2010-01-15 00:56:35]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:39]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:39]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:43]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:43]:COMMAND [ 1] - USER root
[2010-01-15 00:56:43]: REPLY [ 1] - 331 User root, password please

[2010-01-15 00:56:43]:COMMAND [ 1] - USER root
[2010-01-15 00:56:43]: REPLY [ 1] - 331 User root, password please

[2010-01-15 00:56:43]:COMMAND [ 1] - USER root
[2010-01-15 00:56:43]: REPLY [ 1] - 331 User root, password please

[2010-01-15 00:56:44]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:48]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:48]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:52]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:52]:COMMAND [ 1] - USER root
[2010-01-15 00:56:52]: REPLY [ 1] - 331 User root, password please

[2010-01-15 00:56:52]:COMMAND [ 1] - USER root
[2010-01-15 00:56:52]: REPLY [ 1] - 331 User root, password please

[2010-01-15 00:56:52]:COMMAND [ 1] - USER root
[2010-01-15 00:56:52]: REPLY [ 1] - 331 User root, password please

[2010-01-15 00:56:52]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:56]: REPLY [ 1] - 530 Not logged in. Username/password incorrect, user disabled, or user logged in too many times

[2010-01-15 00:56:56]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:57:00]: ERROR [ 1] - Unable to send data
[2010-01-15 00:57:00]: WARN [ 1] - Closing connection: An established connection was aborted by the software in your host machine.

[2010-01-15 00:57:00]:CONNECT [ 1] - Connection Terminated
[2010-01-15 20:36:03]: SYSTEM [Server] - WAN IP detected as 60.234.143.178
[2010-01-16 05:37:45]:CONNECT [ 2] - Incoming connection request on interface 192.168.2.20
[2010-01-16 05:37:45]:CONNECT [ 2] - Connection request accepted from 125.211.216.232
[2010-01-16 05:37:45]: ERROR [ 2] - Unable to send welcome message
[2010-01-16 05:37:45]:SUGGEST [ 2] - Check that a firewall is not blocking connections
[2010-01-16 05:37:45]: ERROR [ 2] - Error: Unable to send Welcome message - Terminating connection
[2010-01-16 05:37:45]:CONNECT [ 2] - Connection Terminated
[2010-01-16 20:06:05]: SYSTEM [Server] - WAN IP detected as 60.234.143.178
[2010-01-17 02:45:17]:CONNECT [ 3] - Incoming connection request on interface 192.168.2.20
[2010-01-17 02:45:17]:CONNECT [ 3] - Connection request accepted from 203.251.81.197
[2010-01-17 02:45:21]: SYSTEM [ 3] - The client closed the connection
[2010-01-17 02:45:21]:CONNECT [ 3] - Connection Terminated
[2010-01-17 05:03:25]:CONNECT [ 4] - Incoming connection request on interface 192.168.2.20
[2010-01-17 05:03:25]:CONNECT [ 4] - Connection request accepted from 203.251.81.197
[2010-01-17 05:03:28]: SYSTEM [ 4] - The client closed the connection
[2010-01-17 05:03:28]:CONNECT [ 4] - Connection Terminated
[2010-01-17 19:36:07]: SYSTEM [Server] - WAN IP detected as 60.234.143.178
[2010-01-18 19:06:12]: SYSTEM [Server] - WAN IP detected as 60.234.143.178
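
Added example (not part of the original post, and not code from Cerberus): a short Python pass over a log in the layout shown above, grouping failed logins (530 replies) and attempted usernames by connection and source address. The sample log, its addresses, the shortened 530 text and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Line layout taken from the log excerpt in the post above.
LINE = re.compile(r"^\[[^\]]+\]:\s*(\w+)\s+\[\s*([^\]]+?)\s*\]\s+-\s+(.*)$")

# Constructed sample in the same layout (addresses are documentation ranges).
SAMPLE_LOG = """\
[2010-01-15 00:55:50]:CONNECT [ 1] - Connection request accepted from 203.0.113.7
[2010-01-15 00:55:53]:COMMAND [ 1] - USER webmaster
[2010-01-15 00:55:54]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:55:58]: REPLY [ 1] - 530 Not logged in. Username/password incorrect
[2010-01-15 00:56:02]:COMMAND [ 1] - USER user
[2010-01-15 00:56:03]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:07]: REPLY [ 1] - 530 Not logged in. Username/password incorrect
[2010-01-15 00:56:29]:COMMAND [ 1] - USER root
[2010-01-15 00:56:30]:COMMAND [ 1] - PASS ***********
[2010-01-15 00:56:34]: REPLY [ 1] - 530 Not logged in. Username/password incorrect
[2010-01-15 20:36:03]: SYSTEM [Server] - WAN IP detected as 198.51.100.1
[2010-01-16 18:02:10]:CONNECT [ 2] - Connection request accepted from 198.51.100.20
[2010-01-16 18:02:12]:COMMAND [ 2] - USER mum
[2010-01-16 18:02:15]:COMMAND [ 2] - PASS ***********
[2010-01-16 18:02:19]: REPLY [ 2] - 530 Not logged in. Username/password incorrect
"""

def summarize(log_text):
    """Per connection id: source IP, usernames tried, count of 530 replies."""
    conns = defaultdict(lambda: {"ip": "unknown", "users": set(), "failures": 0})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        kind, conn, msg = m.groups()
        if kind == "CONNECT" and "accepted from" in msg:
            conns[conn]["ip"] = msg.rsplit(" ", 1)[1]
        elif kind == "COMMAND" and msg.startswith("USER "):
            conns[conn]["users"].add(msg[5:].strip())
        elif kind == "REPLY" and msg.startswith("530"):
            conns[conn]["failures"] += 1
    return dict(conns)

def suspicious(log_text, max_failures=3, max_users=2):
    """Connections that look like password guessing rather than one typo.
    Thresholds are illustrative assumptions, not values from the thread."""
    return {conn: c for conn, c in summarize(log_text).items()
            if c["failures"] >= max_failures or len(c["users"]) > max_users}

if __name__ == "__main__":
    for conn, c in suspicious(SAMPLE_LOG).items():
        print(conn, c["ip"], sorted(c["users"]), c["failures"])
```

A connection whose "accepted from" line falls outside the excerpt, as with connection 1 in the post, is reported with the source address `unknown`.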
 
The easiest thing you can do if this is a *nix based server is change it to SFTP. This will cause your family to have to change their connection settings, but this will prevent sending of unencrypted passwords. This will also encrypt your payloads, but will cause more overhead on your server. You can also edit your firewall rules to only allow specific IPs or IP ranges to connect.
 
good suggestion :)

if your router is at 192.168.1.1, then the rules would be
allow tcp in/out src=192.168.1.1-192.168.1.250 dst=192.168.1.1-192.168.1.250 ports 20,21

only systems connected to the lan can then get to the ftp server and you don't need encryption at all :)
 
It's Windows XP based. I'd prefer to have it up on the net though so my family can still access it over the net.

I presume SFTP is similar to SHTTP in the sense of security? Is there a way to set that up on an XP based server?
 
google for SSH; it provides FTP and encrypts both login and data transfers
 
Putty & SSH are similar but use command prompt to send login and GET/PUT requests.

If you wish the users to access via a browser, then you need HTTPS configuration for your webserver.

Which server are you using { IIS, Apache2, or other } ? Each uses port 443 and encryption,
but all users will need login IDs on your system with Passwords.

The issue for HTTPS will be the SSL need for a certificate and there is doc on the web on
creating a Self-Signed Certificate.
 
I'm using a program called Cerberus for my server. If I switch to HTTPS do I need to build a website as well? And would file transfers still be easy to manage?
 
HTTPS is a protocol for all webservers, not another kind of product --
usually it's easily configured, sometimes it's an add-on.

Even if you installed a new server, the existing content could still be used.
 