FTP Attack

I have a server that only handles my Web sites (more than one site though). I was scanning through my logs the other day and see that we have been constantly getting hit by FTP requests (usually from some IP that tracks back to Asia or Europe). They are obviously dictionary attacking for passwords since the connects are 5 or 10 seconds apart and just one after the other for dozens or hundreds of times.

I also have a small number of portsentry messages saying certain hosts are trying to connect to ports and are blocked.

My immedate solution was to simply shutdown my FTP server since I don't serve public files via FTP and I can always turn it on if I need it to publish (or just do it manually with scp). I ran a root kit test and looked at other things -- it doesn't look like we were comprimised.

So my question: Does everyone get these random attacks several times a day? Or do I have someone out to get me in particular?

 

 

 

 

Top