Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : fork bombed from brazil for the last two weeks - any ideas?

[miami_g]

we have been getting fork bombed from brazil for the last two weeks, finally traced the ip.

the attacks have been anonymous ftp based.

wonder if denial of ip class at the router level would stop this trash.
since we have no customers in south america, excluding the class would not bother us a bit.

any ideas or success we have we will share.


g

[priyadi]

I guess that's not a 'fork bomb' attack, but more likely a shell expansion attack (or something like that). You need to upgrade your FTP daemon to a more recent version that's immune from the problem.

And do you really need anonymous FTP in the first place? If you don't really need it, it is better to stop using it, and instead serve your files from HTTP.

[Tim Greer]

Going with what priyadi suggested, the best FTP service I know of, is ProFTPD. You can set filters like:

DenyFilter (\*.*/)|%

to prevent such things as was suggested being the cause above -- plus, the other bonusus are, like Apache, you can set in rules and limits. You can limit the number of connections, apply filters and rules and even set resource limits, so people can't attack your FTP service and crash your server or commit any DoS's on the service itself.