Author Topic: Server Security from Bruteforce - FTP  (Read 495 times)


Offline Excellis1

Server Security from Bruteforce - FTP
« on: December 26, 2014, 09:16:59 pm »
I have done some 'research' through hashcat and Brutus password crackers (trying BackTrack now) into securing servers from brute forcing without login attempt maximums. So far I have found that - expectedly - with FTP disabled most brute force systems don't work, but login is still possible. It lies in the fact that most brute forces make their attempts through text files, which typically cannot be sent without FTP - try it.


I am working on some code to disable FTP while the server is not being uploaded to. I will see if it works and update this thread.


I am new to the site and to hacking, although I have coded for a while now, so go easy if you think this idea is stupid.


Thanks,
Ex.

Master_D

  • Guest
Re: Server Security from Bruteforce - FTP
« Reply #1 on: January 01, 2015, 09:18:11 am »
I believe you could also use fail2ban with ftp services to do what you want.

Offline HexEngineer

Re: Server Security from Bruteforce - FTP
« Reply #2 on: January 03, 2015, 08:13:00 pm »
I don't see any way to avoid (or patch, in other words) a brute-force attack without an attempt maximum. I was unable to understand at least 90% of the things you said, but you said something about "tools". What will happen if I write a custom brute-force tool for your script? Hacking isn't just for using tools. Also, I can try to guess the user:pass by hand; how would you stop me without an attempt max? The only way I see is to wait for delays between logins. For example, if from a given IP you get 100 attempts per second, this is 100% an attack; this cannot be done by a human, but again I can add a delay in my tool (for example, one attempt per second).
P.S.
Sorry for my bad grammar.
« Last Edit: January 03, 2015, 08:15:30 pm by HexEngineer »
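
Added example, not part of any post in this thread: a small detector that compares the two rules discussed above, a pure burst-rate rule (many attempts per second) and a cumulative rule in the style of fail2ban's `maxretry`/`findtime` settings. The log line format is modelled on vsftpd's `FAIL LOGIN` entries, which is an assumption since the thread names no FTP server; the sample lines, IP addresses and thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log shape (vsftpd-style); the thread does not name an FTP server.
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) .*'
    r'FAIL LOGIN: Client "(?P<ip>[^"]+)"')

def parse_failures(lines):
    """Yield (timestamp, ip) for every failed-login line; skip the rest."""
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"), m["ip"]

def find_offenders(events, max_retry, find_time):
    """IPs with at least max_retry failures inside any find_time window."""
    recent, offenders = defaultdict(deque), set()
    for ts, ip in sorted(events):
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            offenders.add(ip)
    return offenders

def sample_log():
    """Constructed sample lines (documentation IP ranges), not real logs."""
    t0 = datetime(2015, 1, 3, 20, 0, 0)
    def line(ts, ip, result="FAIL"):
        return f'{ts:%a %b %d %H:%M:%S %Y} [pid 100] [admin] {result} LOGIN: Client "{ip}"'
    fast = [line(t0, "203.0.113.5") for _ in range(100)]             # 100 tries in one second
    slow = [line(t0 + timedelta(seconds=i), "198.51.100.7") for i in range(60)]  # 1 try/second
    typo = [line(t0, "192.0.2.10"), line(t0 + timedelta(seconds=30), "192.0.2.10"),
            line(t0 + timedelta(seconds=60), "192.0.2.10", "OK")]    # user mistypes twice
    return fast + slow + typo

if __name__ == "__main__":
    events = list(parse_failures(sample_log()))
    print("burst rule:", find_offenders(events, 10, timedelta(seconds=1)))
    print("cumulative rule:", find_offenders(events, 5, timedelta(minutes=10)))
```

The burst rule flags only the 100-per-second source, while the cumulative rule also flags the one-attempt-per-second source and still leaves the user with two mistyped passwords alone.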