Opened 11 years ago
Closed 10 years ago
#9522 closed Bug report (fixed)
Autoban does not work with IPv6
| Reported by: | Johannes | Owned by: | |
|---|---|---|---|
| Priority: | high | Component: | FileZilla Server |
| Keywords: | IPv6 | Cc: | |
| Component version: | Operating system type: | Windows | |
| Operating system version: | Windows XP SP3 |
Description
I just tried a little bit with Hydra to brute force my logins. With IPv4, the autoban feature works: After 10 login attempts the IPv4 address is blocked.
However, with IPv6, this feature does NOT work. FileZilla Server says the following in its logs:
"421 Temporarily banned for too many failed login attempts"
But it still processes new incoming connections!
Change History (1)
comment:1 by , 10 years ago
| Priority: | normal → high |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
This will be fixed in the next version of FileZilla.
Note that the IPv6 address space is enormous, getting a new IPv6 address, and a new prefix even, is trivial. Relying on auto-ban is dangerous.
Instead, pick very long passwords.