I dont know if this is the right forum to ask, as I don't know if this should go into scripting forum or here.
I didn't set-up FTP server behind my MT and did not forward port 21 to any IP behind router.
FTP server service on MT is running and I want it to keep running.
I get daily more than 30000 unsuccessful attempts to login to MT ftp server, sometimes by user "Administrator", sometimes by another user (root/admin/anything-else)
Need to make MikroTik "blacklist" IP from which the "attack" is coming, after 5 unsuccessful attempts, for let's say, 24 hours.
Any help?
Thank you !!!!!
Re: Drop FTP connections after x times?
http://wiki.mikrotik.com/wiki/Bruteforc ... prevention
Though unless you need the FTP server to be open and accessible from EVERYWHERE, it would be far better to just restrict access:
Though unless you need the FTP server to be open and accessible from EVERYWHERE, it would be far better to just restrict access:
Code: Select all
/ip firewall address-list
add list=FTP-OK-from-here address=192.168.0.0/24
add list=FTP-OK-from-here address=1.1.1.1/24
/ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=FTP-OK-from-here action=accept
add chain=input protocol=tcp dst-port=21 action=drop
Re: Drop FTP connections after x times?
Thank you very very much !!!