IP based automatic ban

Posted 3/25/2008 6:51:47 AM
Forum Newbie

Group: Forum Members
Last Login: 6/5/2008 6:31:36 AM
Posts: 2, Visits: 5
We are running WS FTP Server with SSH. The problem is that someone is running some kind of dictionary-based hacking system against the server. I would like to know if the server can be configured to automatically ban an IP for a selected time if the failed login count from it is exceeded? I know that some other FTP servers can do this, but I am not sure about WS FTP Server with SSH.
Post #42143
Posted 4/4/2008 1:51:14 PM
Forum Newbie

Group: Forum Members
Last Login: 4/25/2008 2:02:20 PM
Posts: 1, Visits: 6
We are experiencing the same issue; any suggestions would be greatly received.
Post #42537
Posted 4/9/2008 11:41:21 AM
Forum Newbie

Group: Forum Members
Last Login: 4/9/2008 11:35:05 AM
Posts: 1, Visits: 3
I am in the same boat. I figured that as soon as we opened up SSH to the outside, we would immediately be attacked - I was correct. I have a dozen or so denied IP addresses so far of people who have launched fairly intense dictionary-style attacks. Unfortunately this creates a bit of a DoS for any legitimate FTP users as it busies out the FTP server.

Other FTP servers have a "shun" feature which automatically prevents this type of attack. Any suggestions on how to prevent this would be good, or at least give us some encouragement that IPSWITCH is aware of the issue and is working on a fix.

Thanks!

Post #42677
Posted 4/9/2008 12:25:42 PM
Forum Newbie

Group: Forum Members
Last Login: 4/9/2008 3:32:32 PM
Posts: 1, Visits: 3
Just wanted to chime in that I am having the exact same problem. The same IP address is just bombarding my WS_FTP Server with random usernames and passwords. Unfortunately I can lock real accounts that have been tried "X" number of times, but, because they are just using randomly generated usernames and passwords, there is no way to block but to manually put each IP address into the blacklist as I notice the attacks.

It seems like it should be possible to automatically ban a specific IP address if it has attempted to log in using hundreds of different usernames, but I cannot seem to locate a way to do this. Is it at all possible?

Post #42680
Posted 4/11/2008 3:26:00 PM
Forum Newbie

Group: Forum Members
Last Login: 4/17/2008 10:59:37 AM
Posts: 4, Visits: 6
Has there been any update to this? I'm having the exact same issue with dictionary hacking. Automatic ban is a feature that absolutely needs to be in the next release.
Post #42746
Posted 4/14/2008 12:54:33 PM
Forum Newbie

Group: Forum Members
Last Login: 5/1/2008 9:06:49 AM
Posts: 4, Visits: 9
Add me to the list of customers that would love to see this feature added.
Post #42803
Posted 4/16/2008 2:29:13 PM
Forum Newbie

Group: Forum Members
Last Login: 4/16/2008 2:42:08 PM
Posts: 1, Visits: 3
Same boat here. I wish there was a way to easily input banned IP addresses using known IP blocks from specific countries.
Post #42886
Posted 4/16/2008 4:26:14 PM
Supreme Being

Group: Administrators
Last Login: Yesterday @ 9:30:13 AM
Posts: 117, Visits: 185
hello all,

excellent feature request. 

the ability to auto block IP addresses is tentatively set for the next major server release. this work is already completed and feature complete. the system admin can now populate a white or black list and auto populate the blacklist based on x consecutive failed logins after x mins or hours from the same IP address. the offending IP Address will be automatically added to the blacklist for a settable period of time (hours, days, months, forever). we'll be releasing this to the TPP in the coming 1-2 months. I'll add the request to be able to manually add offending IP addresses (versus automatic population of offending IP addresses).

hope this helps.

bye for now,

Kevin R Gillis
Ipswitch, Inc.

Post #42890
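
The policy described in the reply above (a whitelist, plus a blacklist filled automatically after x consecutive failed logins from one IP, for a settable period or forever), sketched here as an added example; it is not Ipswitch's code or WS_FTP Server's implementation. The class name `AutoBan`, its parameters and the sample events are constructed for illustration. Failures are counted per source IP regardless of username, which covers the random-username case raised earlier in the thread.

```python
import ipaddress
from collections import defaultdict, deque

class AutoBan:
    """Per-IP ban policy: `threshold` consecutive failures within `window` seconds."""

    def __init__(self, threshold, window, ban_seconds=None, whitelist=()):
        self.threshold = threshold
        self.window = window
        self.ban_seconds = ban_seconds          # None means ban forever
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.failures = defaultdict(deque)      # ip -> timestamps of recent failures
        self.banned = {}                        # ip -> expiry timestamp, None = forever

    def is_banned(self, ip, now):
        if ip not in self.banned:
            return False
        expiry = self.banned[ip]
        if expiry is not None and now >= expiry:
            del self.banned[ip]                 # timed ban has lapsed
            return False
        return True

    def record(self, ip, now, success):
        """Feed one login attempt; return True if the connection should be refused."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.whitelist):
            return False                        # whitelisted sources are never banned
        if self.is_banned(ip, now):
            return True
        recent = self.failures[ip]
        if success:
            recent.clear()                      # "consecutive": a good login resets the run
            return False
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                    # drop failures older than the window
        if len(recent) >= self.threshold:
            self.banned[ip] = None if self.ban_seconds is None else now + self.ban_seconds
            recent.clear()
            return True
        return False

# Constructed sample: (seconds, source IP, username tried, login succeeded)
SAMPLE = [(0, "203.0.113.7", "admin", False), (5, "203.0.113.7", "root", False),
          (9, "203.0.113.7", "test", False), (12, "203.0.113.7", "oracle", False),
          (3, "198.51.100.4", "alice", False), (20, "198.51.100.4", "alice", True),
          (4, "192.0.2.10", "backup", False), (6, "192.0.2.10", "backup", False),
          (8, "192.0.2.10", "backup", False)]

def replay(events, policy):
    """Return the set of IPs refused at least once while replaying events in time order."""
    return {ip for t, ip, _user, ok in sorted(events) if policy.record(ip, t, ok)}
```
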
Posted 4/17/2008 9:42:24 AM
Forum Newbie

Group: Forum Members
Last Login: 4/17/2008 10:59:37 AM
Posts: 4, Visits: 6
kevin r gillis (4/16/2008)
hello all,

excellent feature request. 

the ability to auto block IP addresses is tentatively set for the next major server release. this work is already completed and feature complete. the system admin can now populate a white or black list and auto populate the blacklist based on x consecutive failed logins after x mins or hours from the same IP address. the offending IP Address will be automatically added to the blacklist for a settable period of time (hours, days, months, forever). we'll be releasing this to the TPP in the coming 1-2 months. I'll add the request to be able to manually add offending IP addresses (versus automatic population of offending IP addresses).

hope this helps.

bye for now,

Thanks for the update Kevin.

harmia (4/16/2008)
Same boat here. I wish there was a way to easily input banned IP addresses using known IP blocks from specific countries.

Please add this to next release as well, thanks!

Post #42919