All attacks are via proftpd.
How do they discover the usernames? I am the only user with elevated authority on the server and I am certain my account is secure.
All users are added via DirectAdmin and have no special rights. There must be some kind of exploit that reveals usernames… this cannot be coincidence or random… all brute force attacks are valid usernames.
I’m on CentOS 6 with all updates. DirectAdmin 1.40.3 with all the latest updates.
Suggestions are welcomed.