|
| | | Junior Member
 
Group: Forum Members
Last Login: Yesterday @ 9:08:24 AM
Posts: 10, Visits: 128 |
| | Hi all, My server's been getting hammered almost every night for the past several weeks. I was happy to upgrade to v7 because of its IP lockout and automatic blacklisting capabilities, but it isn't working against these yahoos. It's just a standard dictionary attack - they try a name, get booted, then try another. They use one IP address for a couple hours then switch to another (or change shifts, damned if I know.) I have my IP lockout settings set to blacklist an address when it fails 10 times in 5 minutes. It ain't working, at least not with these guys. I've got a chunk of log showing one address trying 117 times in a 5 minute span. I've tested it manually several times and I've been locked out successfully every time, so I know it "basically" works, but somehow they're getting around it. Does anyone have any insight? Regards,
Marc |
| |
| | | 
Time Traveler
Group: Forum Administrators
Last Login: 1/2/2009 5:04:15 PM
Posts: 190, Visits: 433 |
| | I would like to take a look at the actual configuration on the server and also at the logs. Can you call into technical support so we can go through the settings on the server and also do some testing? Technical Support can be reached at 781-676-5700. Regards,
Travis G. Ipswitch, Inc. |
| |
| | | Junior Member
Group: Forum Members
Last Login: Yesterday @ 9:08:24 AM
Posts: 10, Visits: 128 |
| | Yep I'll do that now (or when you open... not sure which timezone you're in.) Marc |
| |
| | |
Time Traveler
Group: Forum Administrators
Last Login: 1/2/2009 5:04:15 PM
Posts: 190, Visits: 433 |
| We are EST. Open Monday - Friday 9am to 6pm except on Tuesday, open from 10:30am to 6pm.
Travis G. Ipswitch, Inc. |
| |
| | |
Time Traveler
Group: Forum Administrators
Last Login: 1/2/2009 5:04:15 PM
Posts: 190, Visits: 433 |
| | Information on using Control Access Lists and Ip Lockouts: This behavior is documented in the Help, Access Control, and About IPLockouts. Also a side bar note on the Access Control asp page: When an IP address is added to Access Control and IP Lockouts is enabled, the IP address does not get added to the Blacklist. The Access Control setting will be used, so the IP address will be able to connect to the server, but then will be blocked at the host-level. I would strongly recommend that the IP Lockouts feature be used instead of Access Control because IP Lockouts work at the server-level, blocking access when an offending IP address tries to establish a connection. As a result, the IP Lockouts feature is more efficient and secure, as it identifies an attack when the attack begins and it puts host resources out of reach.
Travis G. Ipswitch, Inc. |
| |
|
|