This is a personal matter, not related to work at all.
I am currently running an FTP server so that my Dad in Cyprus can log in and 'collect' photos and what have you that we put in the FTP folder on my machine.
We found this to be better than email as some of the pictures are quite large in size, particularly recent wedding shots we posted for him and I don't have to resize files to get them under quotas.
However, this morning I noticed someone had tried to log into the FTP server - I checked the logs, and they made 'hundreds' of attempts with different usernames and passwords, none of which worked as there is only one account, and that is my Dad's, and his password is of a secure combination anyway.
Firstly, I'm wondering how they found the FTP server in the first place, but secondly, and more importantly, is this the best and most secure way for me to get large files to my Dad?
I would prefer to not have to upload them to the 'cloud' for him to retrieve them, as that then puts some onus on me to upload them - our present system he can just log in and get them at his leisure. Is there a more secure yet just as direct way to share a folder with him so he can get to my 'stuff', and not too complicated for me to set up or him to understand? Someone mentioned a VPN to me, but I have no idea as to how I could set that up.
Or do I need not worry about this drive-by attack? The fact that they couldn't get in hasn't left me entirely happy though.
Would appreciate some thoughts.
Could you not use the likes of Flickr and Photobucket?
You could use Dropbox for it. That way you just need to copy the files into the folder that is shared with your Dad and then they sync with server and download to his machine.
These sorts of random brute-force attacks are fairly common on the internet: usually a program iterates over a set of IP addresses and common service ports, identifies any that are open as a potential method of gaining entry, and will then try many password combinations until they give up, fail, or are blocked.
The simplest way to reduce these attacks is to move the FTP server onto a non-standard port (e.g. 2100, 2121 or something).
Flickr has upload limits unless I pay. Not sure about the other one; I presume there are also some limitations.
No, I would prefer to share a folder on my machine, that way I have all the files locally and don't have to worry about uploading them.
Is it not possible to do this over a VPN (Hamachi?) https://secure.logmein.com/products/.../download.aspx
If not, then is it not possible to do FTP or SFTP over SSH?
I think with the free version you have to use un-managed; otherwise I think you have to pay for the managed version?
FTP is inherently insecure, but this has to be taken with a few caveats... the reason it is insecure is that user credentials are generally transmitted in the clear. This is exploited by sniffing packets along the network route between user (your dad) and FTP server. Obviously this hasn't happened - if they had sniffed a password they would not be brute-forcing. As such, there's no "problem" with insecure FTP as long as you are vigilant (it seems you are) and your dad keeps his machine looked after (some viruses install keyloggers that look for FTP creds).
- Back up the photos - if someone does break in, they are more likely to add than remove, but this won't hurt
- Make sure no accounts are enabled with "standard" names like root, anonymous, guest
- Make sure your dad's password is better than trivially complex
Slightly harder suggestions, depending on your FTP server:
- SecureFTP (doesn't mitigate this issue, may help others, less likely to ...)
- Block all IPs not in the netblock of your Dad's ISP (assume he's on a dynamic IP)
- Use a nonstandard port (yick, makes your dad have to work something... if he's anything like my dad, that's a non-starter)
- Check his password with John The Ripper
- Use something like denyhosts (is denyhosts SSH only...? meh..)
- Use SSH/SCP - would require him to use WinSCP
- Run the FTP daemon in a chroot jail to protect the rest of your server
- Don't show the welcome banner until after user auth
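As an added example, not code from any poster in this thread: the denyhosts-style check suggested above, written in Python over constructed vsftpd-style log lines, flags a source that racks up a run of failed logins in a short window (the "hundreds of attempts with different usernames" pattern from the first post) and also applies the "only Dad's ISP netblock" idea by never flagging addresses inside an allowed range. The log format, addresses and usernames are assumed sample data.

```python
import re
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in vsftpd log style (not real data from the thread): one
# source tries a run of usernames; the legitimate user mistypes once, then logs in.
SAMPLE_LOG = """\
Mon May  9 03:12:01 2011 [pid 4021] [admin] FAIL LOGIN: Client "203.0.113.45"
Mon May  9 03:12:02 2011 [pid 4023] [root] FAIL LOGIN: Client "203.0.113.45"
Mon May  9 03:12:03 2011 [pid 4025] [test] FAIL LOGIN: Client "203.0.113.45"
Mon May  9 03:12:04 2011 [pid 4027] [ftp] FAIL LOGIN: Client "203.0.113.45"
Mon May  9 03:12:05 2011 [pid 4029] [guest] FAIL LOGIN: Client "203.0.113.45"
Mon May  9 08:30:10 2011 [pid 4100] [dad] FAIL LOGIN: Client "198.51.100.7"
Mon May  9 08:30:25 2011 [pid 4102] [dad] OK LOGIN: Client "198.51.100.7"
"""
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>FAIL|OK) LOGIN: Client "(?P<ip>[^"]+)"')

def parse_log(text):
    """Yield (timestamp, user, succeeded, ip) for each login line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # other vsftpd events (CONNECT, DOWNLOAD, ...) are ignored
            ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
            yield ts, m["user"], m["result"] == "OK", m["ip"]

def find_brute_force(text, threshold=5, window=timedelta(minutes=10), allow_nets=()):
    """Return {ip: (failed_logins, usernames_tried)} for sources with at least
    `threshold` failed logins inside any `window`; allowed netblocks are skipped."""
    nets = [ipaddress.ip_network(n) for n in allow_nets]
    failures = defaultdict(list)
    for ts, user, ok, ip in parse_log(text):
        if not ok:
            failures[ip].append((ts, user))
    flagged = {}
    for ip, events in failures.items():
        if any(ipaddress.ip_address(ip) in net for net in nets):
            continue  # Dad's ISP range: never auto-block, a typo must not lock him out
        times = sorted(t for t, _ in events)
        # sliding window: the i-th and (i+threshold-1)-th failures fall within `window`
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[ip] = (len(events), sorted({u for _, u in events}))
                break
    return flagged
```

Running `find_brute_force(SAMPLE_LOG, allow_nets=["198.51.100.0/24"])` flags only the scanning address; the single mistyped login from the allowed range is left alone, which is the behaviour you want before wiring the result into a firewall block list.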
theeldergeek wrote:
> Firstly, I'm wondering how they found the FTP server in the first place

They scanned your IP address and FTP's port number.

theeldergeek wrote:
> Is there a more secure yet just as direct way to share a folder with him

SFTP? Just install an SSH server on your machine (it does work on Windows too) and find an SFTP client for your Dad to use.
tom_newton (10th May 2011)
^^^ what tom_newton said lol
TeamViewer lets you remote-access a PC; it's free and simple to set up, and it even has file transfer, which is pretty neat!
Mr hicks is right (sorry, meant to answer that too... one of those "at work" posts where I get interrupted 6-8 times during writing)... this will have been a random portscan looking for something to attack. What malware types want is an FTP site to which they can upload stuff that will be served on the web. This isn't because they can't afford their own bandwidth, but to leverage "URL trust" somewhere else - say they manage to put a malware payload on a company's website, they can reliably hope that won't be blocked by "dumb" URL filters and it might get plenty of passing visitors to infect.
They'll pick a block of IPs and scan for services, sometimes selling IP:service lists to others who then do the attack, sometimes doing the attack themselves. You are more likely to be attacked if you have a DNS entry, or you're on a static IP, as these are decently indicative of value.
Just to re-iterate earlier advice... FTP probably _is_ the tool for the job (especially if a break-in would be quickly noticed and little harm could be done as you are backed up) - online services will prove costly for your data volumes, and a VPN is overkill (especially if your dad is not uber-savvy). The only options I'd table if you're concerned are SCP and SFTP, but neither of these directly mitigates brute-force attacks like the one seen - though pubkey SSH auth does, it is again subject to marginal setup overhead.
Oh.. and you could make your FTP directory read-only. That sounds like "a plan".
Best of luck