Opened 14 years ago

Last modified 7 years ago

#2437 closed Feature request

Security IP or Account locking against Brute force attack

Reported by: fjooord Owned by:
Priority: normal Component: FileZilla Server
Keywords: Cc: fjooord, Tim Kosse
Component version: Operating system type:
Operating system version:

Description

It would be a safe thing to lock user account or reject
IP address automatically after a defined number of bad
login.

thank you


Change History (1)

comment:1 by Tim Kosse, 14 years ago

FileZilla Server already slows down attackers significantly
on too many failed login attempts. Legitimate users can
still login at any given point, although it might take a
couple of seconds.
Automatic blocking won't be added though as that will
introduce an attack vector for denial of service attacks
where legitimate users will no longer be able to login.

Note: See TracTickets for help on using tickets.