Opened 11 years ago

Last modified 11 years ago

#3665 closed Bug report

Server Does Not Enforce Login Attempt Limit with SSL

Reported by: jguire1
Owned by:
Priority: normal
Component: Other
Keywords:
Cc: jguire1, Tim Kosse
Component version:
Operating system type:
Operating system version:

Description

I have autoban enabled for 5 failed login attempts. I also "Force SSL for user login".

The autoban never fires because, I assume, users attempting login get the return error stating that SSL is required and the attempt is not counted into the autoban limit.

This situation results in daily logs of up to 3MB in size due to repeated brute-force attempts at login. It appears as if there is a program that kiddie hax0rs all over the world have available. I add address masks to the IP Filter as attempts are made, but new kiddies keep trying. I've filtered out most of China by now. Please see the attached log excerpt.

Attachments (1)

Excerpt from fzs-2008-08-09.log (2.4 KB) - added by jguire1 11 years ago.
Excerpt from FileZilla Server Log


Change History (2)

Changed 11 years ago by jguire1

Excerpt from FileZilla Server Log

comment:1 Changed 11 years ago by Tim Kosse

This is not a FileZilla 3 bug report.
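The gap described in this ticket can be measured from the log itself. The following is an added example, not FileZilla Server code and not taken from the ticket's attachment: it counts refused logins per client address under two policies, password failures only versus every refused login including those rejected for missing SSL. The log line layout, the two `530` reply strings and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

THRESHOLD = 5  # the reporter's autoban setting: 5 failed login attempts

# Assumed log layout: "(session) date time - (user) (ip)> text"
LINE_RE = re.compile(
    r"^\(\d+\) \S+ \S+ - \(.*?\) \((?P<ip>[0-9a-fA-F.:]+)\)> (?P<text>.*)$")
# Assumed reply texts for a refused login
PASSWORD_FAIL = "530 Login or password incorrect"
TLS_REQUIRED = "530 SSL required"


def sample_log():
    """Constructed log lines (documentation address ranges only)."""
    out = []

    def attempt(n, ip, user, reply):
        stamp = f"({n:06d}) 2008-08-09 03:10:{n % 60:02d} - (not logged in) ({ip})>"
        out.append(f"{stamp} USER {user}")
        out.append(f"{stamp} {reply}")

    for n in range(1, 9):    # 8 plaintext attempts refused before authentication
        attempt(n, "203.0.113.7", "Administrator", TLS_REQUIRED)
    for n in range(9, 12):   # 3 wrong passwords sent over SSL
        attempt(n, "198.51.100.20", "backup", PASSWORD_FAIL + "!")
    attempt(12, "192.0.2.44", "alice", TLS_REQUIRED)  # one misconfigured client
    return out


def refused_logins(lines, count_tls_refusals):
    """Count refused logins per IP; optionally include 'SSL required' refusals."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        text = m.group("text")
        if text.startswith(PASSWORD_FAIL) or (
                count_tls_refusals and text.startswith(TLS_REQUIRED)):
            counts[m.group("ip")] += 1
    return counts


def ban_candidates(lines, count_tls_refusals):
    """IPs whose refused-login count reaches the autoban threshold."""
    counts = refused_logins(lines, count_tls_refusals)
    return sorted(ip for ip, n in counts.items() if n >= THRESHOLD)


if __name__ == "__main__":
    log = sample_log()
    print("password failures only:", ban_candidates(log, False))
    print("all refused logins:    ", ban_candidates(log, True))
```

On the constructed sample, the address that retries over plaintext only appears as a ban candidate when the SSL refusals are counted, while the single misconfigured client stays under the threshold in both cases.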
