Re: Ftp hackning

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: greg gallager <greggallager@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 29 Nov 2006 10:53:01 -0800

---

I wrote a VB app that scans the FTP log counting the number of invalid login
attempts by IP address and once a threshold is reached (say 50 failures) will
add the IP to the exception list. What this does is should that IP ever
succeed they will have no access to the FTP site, it can't keep them from
trying. Over a 6 month period I have close to 300 different IP address that
have been trying to hack in.

My next step is to run on a different port but I am having difficulty,
though it should be pretty simple to do.
--
greg gallager
gallid assoc inc


"Bernard Cheah [MVP]" wrote:

Google this group. there's few auto block script posted.
it check the ftp log, check x login times within a period, then block the
ip.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"vlape" <vlape@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3F019034-768E-4875-B654-DBAAF2606BF3@xxxxxxxxxxxxxxxx

There is no builtin protection to tarpit a brute force? how about auto
block
IP after X failed attempts? my FTP is getting hammered every night. To
manually go in and block each IP is a pain. anyone know if ISA can monitor
and block failed attempts?

"Bernard Cheah [MVP]" wrote:

Nope. this is quite common. typically - you can block this bad ip address
from accessing the site.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"Bj?n Christensen" <bjorn-newsremove@xxxxxxxxxx> wrote in message
news:Oxo06EwBHHA.4948@xxxxxxxxxxxxxxxxxxxxxxx

I can see from the logfiles that there are evil peoble trying to get
access
to out ftp server (W2003), and I am suprised that they are able to try
a
new
password so fast, I would have expected that the windows security
system
would increase the delay every time a wrong password were given.

I this a feature that need to be configured somewhere???

.

---

• Follow-Ups:
  • Re: Ftp hackning
    • From: Bernard Cheah [MVP]

• Prev by Date: Unexpected error 0x800cc801 occurred
• Next by Date: Re: FTP Server Challenge
• Previous by thread: Unexpected error 0x800cc801 occurred
• Next by thread: Re: Ftp hackning
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ftp error messages ... "You entered an invalid login name or password";done ... Subject: ftp error messages ... You will probably be asked to change your FTP server version info to ... 530 Login incorrect. ... (AIX-L) Re: FTP server doesnt work after upgrading from Windows 2000 to X ... What does IIS ftp log file say? ... This process has been working smoothly with Windows NT 4.0 and ... >> Bernard Cheah ... (microsoft.public.inetserver.iis) Re: Ftp hackning ... it check the ftp log, check x login times within a period, then block the ... Bernard Cheah ... my FTP is getting hammered every night. ... (microsoft.public.inetserver.iis.ftp) Re: ftp error messages ... the phrase "You entered an invalid login name or password" ... You will probably be asked to change your FTP server version info to ... 530 Login incorrect. ... (AIX-L) Re: Remove FTP Anonymous Login Prompt ... Pls post the ftp log here. ... I get another login prompt called: ... >> Bernard Cheah ... (microsoft.public.inetserver.iis.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet-Server  > microsoft.public.inetserver.iis.ftp  > 2006-12