Better defences against bruteforce FTP AttacksRSS

2 replies

Last post Mar 19, 2014 09:11 AM by Montago

  • Better defences against bruteforce FTP Attacks

    Mar 18, 2014 05:18 PM|Montago|LINK

    It blows my mind that IIS has an FTP Service that doesn't have a single defence against password bruteforce attacks. 

    10 days after spinning up my FTP server, i've gotten several attacks were a single IP have tried 200+ user/password combinations. 

    so far, the only bad thing that has happened is that i've gained some rather large LOG files, but no one has gotten through - luckely i have strong passwords. 

    So my feature request is obviously some options to automatically block hackers by their IP, after X failed attempts. 

    More options to block attackers are welcome too !

    EDIT:

    IIS 8.0 solves this issue:  http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-ftp-logon-attempt-restrictions

    So i guess i have to upgrade to IIS 8.0 Express ... hmmm... i wonder what the difference to Win7 IIS 7.5 is.. 

    attack Hackerprotection bruteforce

    Microsoft Silverlight Partner (since 2010)
    Microsoft Gold Partner
  • Re: Better defences against bruteforce FTP Attacks

    Mar 18, 2014 09:10 PM|lextm|LINK

    To be more specific, you need to upgrade to Windows Server 2012 and above.

    IIS 8 Express is a development server for HTTP/HTTPS so it does not support FTP at all.

    attack Hackerprotection bruteforce

    Lex Li
    IIS Consulting Services at https://support.lextudio.com/services/consulting.html
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: Better defences against bruteforce FTP Attacks

    Mar 19, 2014 09:11 AM|Montago|LINK

    dammit... i knew something was missing in the express...

    Well, im NOT going to install Server 2012 nor Windows 8 ... its just too horrible to borther with. 

    I guess i'll continue my endeavour to extend IIS 7.5 with a custom Authentication :)

    Thanks !

    attack Hackerprotection bruteforce

    Microsoft Silverlight Partner (since 2010)
    Microsoft Gold Partner