I've noticed lately I'm getting a lot of attacks via FTP. I've checked the CSF configuration, and I've found this:
FTPD_LOG = "/var/log/secure" (restricted UI item)
Obviously, this can't be right, because /var/log/secure doesn't exist. Should I change this value to /var/log/proftpd/auth.log?
I'm using DirectAdmin for a control panel. It's unknown to me if DA uses a different log file format.
There is not /var/log/proftpd/proftpd.conf, the access.conf is empty. Also, nothing in /var/log/messages for proftp errors.
CSF not blocking mass FTP attacks
Re: CSF not blocking mass FTP attacks
you should change it to wherever your ftpd logs authentication failures
if not sure, do a failed ftp access, and see where it logs
if not sure, do a failed ftp access, and see where it logs