Opened 9 years ago
Closed 9 years ago
#9522 closed Bug report (fixed)
Autoban does not work with IPv6
|Reported by:||Johannes||Owned by:|
|Component version:||Operating system type:||Windows|
|Operating system version:||Windows XP SP3|
I just tried a little bit with Hydra to brute force my logins. With IPv4, the autoban feature works: After 10 login attempts the IPv4 address is blocked.
However, with IPv6, this feature does NOT work. FileZilla Server says the following in its logs:
"421 Temporarily banned for too many failed login attempts"
But it still processes new incoming connections!
Change History (1)
comment:1 by , 9 years ago
|Priority:||normal → high|
|Status:||new → closed|
Note: See TracTickets for help on using tickets.
This will be fixed in the next version of FileZilla.
Note that the IPv6 address space is enormous, getting a new IPv6 address, and a new prefix even, is trivial. Relying on auto-ban is dangerous.
Instead, pick very long passwords.