Opened 6 years ago

Closed 5 years ago

#9522 closed Bug report (fixed)

Autoban does not work with IPv6

Reported by: Johannes Owned by:
Priority: high Component: FileZilla Server
Keywords: IPv6 Cc:
Component version: Operating system type: Windows
Operating system version: Windows XP SP3

Description

I just tried a little bit with Hydra to brute force my logins. With IPv4, the autoban feature works: After 10 login attempts the IPv4 address is blocked.
However, with IPv6, this feature does NOT work. FileZilla Server says the following in its logs:
"421 Temporarily banned for too many failed login attempts"
But it still processes new incoming connections!

Change History (1)

comment:1 Changed 5 years ago by Tim Kosse

Priority: normalhigh
Resolution: fixed
Status: newclosed

This will be fixed in the next version of FileZilla.

Note that the IPv6 address space is enormous, getting a new IPv6 address, and a new prefix even, is trivial. Relying on auto-ban is dangerous.

Instead, pick very long passwords.

Note: See TracTickets for help on using tickets.