Opened 6 years ago
Limit number of invalid commands
|Operating system type:
|Operating system version:
|Microsoft Windows [Version 6.1.7601]
Right now there is no limit to the number of invalid commands that a user can send to the server. It's common for protocols to disconnect clients that don't behave.
I occasionally see (probably automated) attempts to connect to the FTP server and then the client sends data for a completely different protocol. This can go on for quite a while and will fill up the log file quickly.
I suggest adding an option that allows the user to define the maximum number of invalid commands until a connection is dropped.
This might be extended to "useless" commands. A client can spam "HELP" right now to get a disproportional large answer from the server, which could be leveraged into DDoS attacks.