FTP being attacked

Hi,

People are always trying to hack my FTP, but luckily I secured it enough that they can't upload or see what's in my FTP.

But there are a lot of smart people out there, so someday they will get in.

I check my logs often enough, so I have their IP addresses, and then I check where they live. Most attackers seem to be in Germany and Malaysia.

What else can I do with their IP address besides just pinging it?

Thanks

Kao

Here is some of the log from this guy in Malaysia.

Can somebody here explain from these logs what he tried to do?

With all the "530"s, it probably meant denied, right?

2004-12-30 11:24:41 203.115.228.178 ftp MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [12]USER ftp - 331 0 FTP - - - -
2004-12-30 11:24:41 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [12]PASS ftp@ftp.net - 530 1326 FTP - - - -
2004-12-30 11:24:43 203.115.228.178 anyone MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [13]USER anyone - 331 0 FTP - - - -
2004-12-30 11:24:43 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [13]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:44 203.115.228.178 root MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [14]USER root - 331 0 FTP - - - -
2004-12-30 11:24:44 203.115.228.178 admin MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [15]USER admin - 331 0 FTP - - - -
2004-12-30 11:24:44 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [14]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:44 203.115.228.178 webmaster MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [16]USER webmaster - 331 0 FTP - - - -
2004-12-30 11:24:44 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [15]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:44 203.115.228.178 user MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [17]USER user - 331 0 FTP - - - -
2004-12-30 11:24:44 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [16]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:44 203.115.228.178 test MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [18]USER test - 331 0 FTP - - - -
2004-12-30 11:24:44 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [17]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 web MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [19]USER web - 331 0 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [18]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 www MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [20]USER www - 331 0 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [19]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 administrator MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [22]USER administrator - 331 0 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 root MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [21]USER root - 331 0 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [20]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 admin MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [23]USER admin - 331 0 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 oracle MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [24]USER oracle - 331 0 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [22]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [21]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 sybase MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [25]USER sybase - 331 0 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [23]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [24]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 user MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [27]USER user - 331 0 FTP - - - -
2004-12-30 11:24:45 203.115.228.178 webmaster MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [26]USER webmaster - 331 0 FTP - - - -
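
Added example, not part of the original thread: a Python sketch that reads log lines in the layout shown above, pairs each PASS reply with its USER command through the bracketed session number, and counts 530 (login refused) replies per client address. The sample lines, the `summarize` function and its `threshold` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same field layout as the log in the post.
# 198.51.100.7 and 192.0.2.10 are documentation addresses; "alice" is made up.
SAMPLE = """\
2004-12-30 11:24:41 198.51.100.7 ftp MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [12]USER ftp - 331 0 FTP - - - -
2004-12-30 11:24:41 198.51.100.7 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [12]PASS ftp@ftp.net - 530 1326 FTP - - - -
2004-12-30 11:24:44 198.51.100.7 root MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [14]USER root - 331 0 FTP - - - -
2004-12-30 11:24:44 198.51.100.7 admin MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [15]USER admin - 331 0 FTP - - - -
2004-12-30 11:24:44 198.51.100.7 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [14]PASS - - 530 1326 FTP - - - -
2004-12-30 11:24:44 198.51.100.7 - MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [15]PASS - - 530 1326 FTP - - - -
2004-12-30 11:30:02 192.0.2.10 alice MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [30]USER alice - 331 0 FTP - - - -
2004-12-30 11:30:03 192.0.2.10 alice MSFTPSVC1 MULTIMEDIA 192.168.0.203 21 [30]PASS - - 230 0 FTP - - - -
"""

def summarize(log_text, threshold=3):
    """Per client IP: failed/successful logins and the user names that failed."""
    pending = {}  # (client_ip, session_id) -> user name from the USER command
    stats = defaultdict(lambda: {"failed": 0, "ok": 0, "users": set()})
    for line in log_text.splitlines():
        f = line.split()
        m = re.fullmatch(r"\[(\d+)\]([A-Z]+)", f[8]) if len(f) >= 13 else None
        if not m:
            continue  # header, blank or truncated line
        ip, session, verb = f[2], m.group(1), m.group(2)
        arg, status = f[9], f[11]
        if verb == "USER":
            # 331 = user name accepted, password required
            pending[(ip, session)] = arg
        elif verb == "PASS":
            # Failed PASS lines log the user as "-", so recover it via the session id
            user = pending.pop((ip, session), "?")
            if status == "530":      # 530 = not logged in; Win32 1326 = logon failure
                stats[ip]["failed"] += 1
                stats[ip]["users"].add(user)
            elif status == "230":    # 230 = user logged in
                stats[ip]["ok"] += 1
    return {ip: {"failed": s["failed"], "ok": s["ok"],
                 "users": sorted(s["users"]),
                 "flag": s["failed"] >= threshold}  # flag = likely password guessing
            for ip, s in stats.items()}

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s)
```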

nmap telnet

My SSH is always being attacked as well. I don't really sweat it. I have a
monitoring script that pages me when an attack is in progress and
when someone logs in via SSH. So I know if I get both alerts at the
same time I should probably check into it.

What is nmap telnet? What can that do?

Can I see your script? I'd like to use one of those too.

I probably need to change my default log folder (MSFTPSVC1) to something else and relocate it somewhere else.

Since they are hacking me, is there a program to ping them to death? Like doing a DoS on their IP address for a couple of hours or so?

Thanks

Kao