Opened 19 years ago
Last modified 11 years ago
#2437 closed Feature request
Security IP or Account locking against Brute force attack
| Reported by: | fjooord | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | FileZilla Server |
| Keywords: | Cc: | fjooord, Tim Kosse | |
| Component version: | Operating system type: | ||
| Operating system version: |
Description
It would be a safe thing to lock user account or reject
IP address automatically after a defined number of bad
login.
thank you
Note:
See TracTickets
for help on using tickets.
FileZilla Server already slows down attackers significantly
on too many failed login attempts. Legitimate users can
still login at any given point, although it might take a
couple of seconds.
Automatic blocking won't be added though as that will
introduce an attack vector for denial of service attacks
where legitimate users will no longer be able to login.