I need to limit FTP access for a user to a specific IP.

carock

Well-Known Member
Sep 25, 2002
266
9
168
St. Charles, MO
I had one of my customer's web sites hacked with the mysterious FTP login to change their web site.

The informed me that the site will never be changed from anywhere other than the static IP they have.

does anyone know if it's possible to limit FPT login for a specific user so they are only allowed from certain IP's or IP?

I'm running ProFTP on this server, and PureFTP on others.

Thanks,
Chuck
 

jayh38

Well-Known Member
Mar 3, 2006
1,212
0
166
The should first change their passwords and you could then setup cphulk or get more protection using CSF and counter anyone trying to guess their password access and ban after 3 attempts.

Setup mod security as well. These are all basic things that would stop most problems like this, especially the brute force method of gaining access.
 

carock

Well-Known Member
Sep 25, 2002
266
9
168
St. Charles, MO
I have most of that in place already, but the client side was compromised with keylogger trojan, and there are no password failures, only successes from various IP's.

Thanks for your suggestions though, they are good.

Chuck