« Previous Next »

• 09-07-2006, 3:47 PM

  KenP2600 Joined on 03-08-2004, 11:55 AM Maryland Posts 3

  IIS 6 FTP Server brute force attacks, can I block IPs automatically after many failures? Reply Contact Every time I check my server logs, I've got some IP address hitting my server a few thousand times in a row with a random username.  Usually it has several requests per second for a few hours at a time.  Each time I find this, I block the IP address in IIS which stops it until they switch IP addresses.  Is there a way to automatically have the IP blocked after a set number of failed logins?  My FTP server doesn't get much "real" traffic so I'm not concerned with locking out actual users.  Thanks!

• 09-07-2006, 3:55 PM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,238	Re: IIS 6 FTP Server brute force attacks, can I block IPs automatically after many failures? Reply Contact I'm not aware of any existing product or technique to do this. Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 09-14-2006, 12:50 AM

  In reply to

  Bernard Joined on 05-24-2006, 4:30 AM Malaysia Posts 291	Re: IIS 6 FTP Server brute force attacks, can I block IPs automatically after many failures? Reply Contact Some smart IDS and expensive firewall have this feature I think.... blocking at IIS level will not help as well if the attack traffic is huge. Cheers, Bernard Cheah

• 10-16-2006, 8:30 AM

  In reply to

  bblazarus Joined on 10-16-2006, 12:28 PM Posts 1	Re: IIS 6 FTP Server brute force attacks, can I block IPs automatically after many failures? Reply Contact Check out this link. It seems to do the job. http://blog.netnerds.net/2006/07/ban-administrator-ftp-login-attemps/

• 10-16-2006, 10:13 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,238	Re: IIS 6 FTP Server brute force attacks, can I block IPs automatically after many failures? Reply Contact Interesting! Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 10-17-2006, 12:35 AM

  In reply to

  Bernard Joined on 05-24-2006, 4:30 AM Malaysia Posts 291	Re: IIS 6 FTP Server brute force attacks, can I block IPs automatically after many failures? Reply Contact LOL... finally - someone took the time and write it.  Here's another post with similar intention. http://groups.google.com.my/group/microsoft.public.inetserver.iis.security/msg/a300c839bc5ba61d?hl=en&   Cheers, Bernard Cheah

• 10-26-2007, 12:46 PM

  In reply to

  LucidObscurity Joined on 10-26-2007, 4:40 PM Posts 2

  Re: IIS 6 FTP Server brute force attacks, can I block IPs automatically after many failures? Reply Contact Well, that script will make sure that no matter how many times they try, the brute force robot will never get in, but your server will still respond to every request for hours on end using precious resources and bandwidth. I've written a small application in .NET that will stop your server from responding completely. You'll see a few entries in your logs, but once the app sees the attack those entries will cease from that IP. It works for me, but I would need to add some additional configuration options if I were to distribute it.  So, that being said, would anyone here pay 3-5 bucks for something that would solve this problem once and for all? Also let me know if you'd prefer a windows service over a desktop application though I'll probably write both and give you guys a choice. Please reply in this thread or contact me. Thanks.

• 10-26-2007, 5:32 PM

  In reply to

  jeff@zina.com Joined on 09-26-2003, 10:43 AM Naples, FL, USA Posts 2,113

  Re: IIS 6 FTP Server brute force attacks, can I block IPs automatically after many failures? Reply Contact Stopping brute force attacks isn't the job of a web server, or any server for that matter.  These need to be stopped at the edge of the network, in a firewall or IDS.  Otherwise they just become DOS attacks and shut down access to the server anyway. Jeff Look for Wrox's new book Professional IIS 7 in your local bookstore, or order now at Amazon.com

• 10-29-2007, 11:26 AM

  In reply to

  LucidObscurity Joined on 10-26-2007, 4:40 PM Posts 2

  Re: IIS 6 FTP Server brute force attacks, can I block IPs automatically after many failures? Reply Contact Firewalls don't know the difference between good and bad traffic if that traffic is not at the DOS attack frequency. I agree that restricting access is the job of the firewall; however I don't know of anyway to setup NATing, filters or anthing else that will reliably determine the difference between a brute force attack and legitimate traffic. Even if this product does exists it likely costs upwards of $5,000. I'm simply offering a solution to hobbiest and those running home networks or managing a small business and can't afford to spend more on a firewall than they did on their main server. Go ahead, give it a shot. ftp://fhclive.com. FYI: it'll take 10 attempts before it recognizes the attack and anonymous is allowed so try another user (i.e. administrator). if you like what you see email ftp@fhclive.com

• 10-01-2009, 11:18 AM

  In reply to

  TolchinJ Joined on 06-13-2006, 11:15 PM Posts 3	Re: IIS 6 FTP Server brute force attacks, can I block IPs automatically after many failures? Reply Contact A very inexpensive solution for blocking FTP Attacks on IIS servers can be found at: http://www.ftpblocker.com/ It is very useful for smaller business who don't have hardware firewalls or sniffers to block these attacks.
  	Tags: iisFTPhacking