Opened 16 years ago

Last modified 15 years ago

#1899 closed Feature request

Ban on hammering (filezilla server)

Reported by: anonymous Owned by:
Priority: normal Component: Other
Keywords: Cc: Eirik, stefpet, Tim Kosse
Component version: Operating system type:
Operating system version:

Description

People who try to log in too quickly after each other
should be banned for a while (make an option of it). So
when someone is doing a dictionary attack or so, it will
fail. :)

Change History (4)

comment:1 Changed 16 years ago by anonymous

Logged In: NO

Also...
1) for a failed login, wait some time (eg 15 seconds) before
   sending a fail message. Perhaps even provide an option to
   increase that delay progressively for successive failures.
2) lock-out an account for 'M' minutes after 'N' failed logins.
3) For multiple simultaneous connects from a host, only
   allow one connection to be in the login state at any one
   time.

This will hardly affect legitimate connects (eg through a
proxy), but brute-force attacks will take too long to be
effective.
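
The three measures listed in comment:1, sketched as an added example (not part of the ticket and not FileZilla Server's code). The class name, method names and default values are assumptions chosen for illustration; the caller is expected to sleep for the returned delay before sending the failure reply and only then call `release`.

```python
import time


class LoginThrottle:
    """Tracks failed logins per account and in-progress logins per host."""

    def __init__(self, base_delay=15.0, max_delay=120.0,
                 max_failures=5, lockout_minutes=10, clock=time.monotonic):
        self.base_delay = base_delay          # seconds before the first failure reply
        self.max_delay = max_delay            # cap for the progressive delay
        self.max_failures = max_failures      # 'N' failed logins
        self.lockout = lockout_minutes * 60   # 'M' minutes, in seconds
        self.clock = clock                    # injectable so tests need not sleep
        self.failures = {}                    # account -> consecutive failures
        self.locked_until = {}                # account -> time the lock expires
        self.pending = set()                  # hosts currently in the login state

    def begin(self, host, account):
        """Return None if the attempt may proceed, else the refusal reason."""
        if host in self.pending:                                # measure 3
            return "host already has a login in progress"
        if self.clock() < self.locked_until.get(account, 0.0):  # measure 2
            return "account locked"
        self.pending.add(host)
        return None

    def finish(self, account, success):
        """Record the outcome; return seconds to wait before replying."""
        if success:
            self.failures.pop(account, None)
            return 0.0
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= self.max_failures:
            # Lock the account and start counting afresh once it expires.
            self.locked_until[account] = self.clock() + self.lockout
            self.failures.pop(account, None)
        # Measure 1: the delay doubles with each successive failure, up to the cap.
        return min(self.base_delay * 2 ** (count - 1), self.max_delay)

    def release(self, host):
        """Call after the reply is sent, so the host stays serialized during the delay."""
        self.pending.discard(host)
```

Because the lock is keyed on the account name alone, anyone who knows a user name can lock that user out; keying on the (host, account) pair instead limits that side effect.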

comment:2 Changed 15 years ago by Eirik

More a feature request than a support request - moved.

comment:3 Changed 15 years ago by stefpet

Would really like to see this implemented. I see brute-force
dictionary hacking attempts quite frequently in my log-files.

comment:4 Changed 15 years ago by Tim Kosse

Implemented in 0.9.2, trying to log in too often will slow
down the client significantly. Dictionary/brute force
attacks are no longer a viable solution to attack the server.
