Opened 14 years ago

Last modified 6 years ago

#2532 closed Feature request

Option for Auto kick on administrator login

Reported by: rhettabrown
Owned by:
Priority: low
Component: FileZilla Server
Keywords:
Cc: rhettabrown, montyl, n3r0, jarcand, ngrusz1, some_yahoo, orrbernstein, Tim Kosse
Component version:
Operating system type:
Operating system version:

Description

An option to allow FileZilla server to automatically
kick a user that tries to log in using the
Administrator username if the request did not
originate from the local machine. Or maybe an editable
list of names that can be maintained for "Auto-Kick"
feature. If it makes more sense to you, having a
setting of tries before kicking the user would be fine
as well.

The trigger for this is the constant attempts I get on
FileZilla server to log in using the Administrator
account, which I have not set up. More of an annoyance
than anything else. If not important to anyone else,
then just kill the request and let me know.

Thanks,
RABrown

Change History (8)

comment:1 by montyl, 14 years ago

A sensible request, Rhetta, but I'd like to suggest maybe
going one step further: Automatic addition of an IP filter
based on the failed login attempt (user selectable but
default 3, for instance) and logging of said hack attempt?
Kicking only thwarts the live bodies trying to get in.

Personally, I've taken to excluding all IPs, and adding
only the pool range for each of the individual user's local
ISPs.

Monty

comment:2 by n3r0, 14 years ago

Number one most requested feature. The entire Asian region
hacks me all day every day.

Obviously someone will have to code this themselves, as for
some reason the simple feature that is present in every
other FTP server I have used since Windows 95 cannot be
added in simply.

FileZilla is no doubt the best I've used. Someone needs to
read up on ACL in whatever language this is written in.
Personally, I'm giving them till Xmas. And I have many
FileZilla servers and clients deployed (non-commercially).

I have just committed 20 American dollars. Money talks, as
they say.

comment:3 by jarcand, 14 years ago

I vote for this feature also.

At the bare minimum, I would like to be able to configure
the server to automatically kick and ban/block the IP of
users who try to log in as Administrator, but additional
configuration settings would be nice.

comment:4 by ngrusz1, 14 years ago

I agree with everyone else. FileZilla is the best server I've ever used *except* for the absence of this feature. Several other FTP servers have some kind of auto-kick option, and FileZilla's lack of this feature is the only reason I'm not currently using it. I'm quickly growing dissatisfied with the various other FTP servers since they lack a lot of the other functionality that FileZilla has, but I really like the auto-kick option. If I were a programmer I would add it myself, but I'm not that good...

I would gladly donate a few bucks to the project if it would help get this feature implemented.

comment:5 by some_yahoo, 14 years ago

While we're at it, why not display the list of blocked IPs with linefeeds rather than a space between? That's annoying to try to read and edit.

comment:6 by orrbernstein, 13 years ago

I too find this the biggest missing feature of FileZilla Server. My workaround for the moment is to check my logs frequently and simply add anybody who's tried to break in to the IP Filter, usually adding their Class C or even their Class A if there have been several attempts from the same Class A. This is ungratifying, though, because they're usually long since gone and another person from a different Class A tries the following day. Plus I'm sure one day I'll end up blocking myself. The "x tries and you're blocked for y minutes" feature seems like an obvious and necessary one. I'd gladly donate if this feature were implemented!

comment:7 by Tim Kosse, 13 years ago

Rejected. If you do not have an account named "Administrator", there's no harm done by anyone connecting as administrator.

comment:8 by ngrusz1, 13 years ago

Please don't take offense to this, but I don't think that codesquid's comment of "not having an account named Administrator" is really an acceptable solution to this problem. Obviously if the account doesn't exist, the brute force attack against it won't work. But that doesn't stop the attack from using up system resources (memory, bandwidth, and processing power) and filling up the log files. Automatically blocking the IP address would reduce the overhead taken up by the attack (as little as it may be). The other option (which I've seen some system administrators do) is to change the port number of the server so it wouldn't be easily found by port scanners, but of course this makes it less publicly accessible. I still think an auto-ban feature would be a very nice addition to the server.
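The behaviour requested across this ticket (a kick list of usernames, an exemption for the local machine, and "x tries and you're blocked for y minutes"), written out as an added example; it is not FileZilla Server code. The class name, thresholds and event tuples are assumptions, and the events are constructed rather than taken from FileZilla Server's log format.

```python
import ipaddress
from collections import defaultdict, deque


class AutoBan:
    """Temporary per-IP ban after repeated failures, plus a kick list of usernames."""
    def __init__(self, max_failures=3, window=60, ban_seconds=600,
                 kick_names=("administrator",)):
        self.max_failures, self.window, self.ban_seconds = max_failures, window, ban_seconds
        self.kick_names = {n.lower() for n in kick_names}
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned_until = {}               # ip -> time at which the ban expires

    def observe(self, ts, ip, user, ok):
        """Return 'allow', 'fail', 'kick', 'ban' or 'blocked' for one login event."""
        if ipaddress.ip_address(ip).is_loopback:
            return "allow" if ok else "fail"  # the local machine is never banned
        if self.banned_until.get(ip, 0) > ts:
            return "blocked"                  # refused before any authentication work
        listed = user.lower() in self.kick_names
        if ok and not listed:
            self.failures.pop(ip, None)       # a good login clears the counter
            return "allow"
        recent = self.failures[ip]
        recent.append(ts)                     # listed names count even if the password is right
        while recent and recent[0] <= ts - self.window:
            recent.popleft()                  # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = ts + self.ban_seconds
            del self.failures[ip]
            return "ban"
        return "kick" if listed else "fail"


# Constructed events: (seconds, source IP, username, password accepted)
EVENTS = [
    (0, "203.0.113.7", "Administrator", False),
    (5, "203.0.113.7", "administrator", False),
    (9, "127.0.0.1", "Administrator", True),
    (12, "203.0.113.7", "admin", False),
    (20, "203.0.113.7", "Administrator", False),
    (30, "198.51.100.4", "alice", True),
    (700, "203.0.113.7", "bob", False),
]


def replay(events, **settings):
    guard = AutoBan(**settings)
    return [guard.observe(*e) for e in events]
```

Because bans expire after `ban_seconds`, an administrator who trips the limit by mistake is locked out only temporarily, unlike a hand-maintained IP filter entry.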
