Opened 3 years ago
Limit number of invalid commands
|Reported by:||Kevin Gut||Owned by:|
|Component version:||0.9.6 beta||Operating system type:||Windows|
|Operating system version:||Microsoft Windows [Version 6.1.7601]|
Right now there is no limit to the number of invalid commands that a user can send to the server. It's common for protocols to disconnect clients that don't behave.
I occasionally see (probably automated) attempts to connect to the FTP server and then the client sends data for a completely different protocol. This can go on for quite a while and will fill up the log file quickly.
I suggest adding an option that allows the user to define the maximum number of invalid commands until a connection is dropped.
This might be extended to "useless" commands. A client can spam "HELP" right now to get a disproportional large answer from the server, which could be leveraged into DDoS attacks.