| Groups | Blog | Home |
iis ftp : FTP Login anomaly
problem with a user complaining about not being able to connect. I checked the users account and it was locked out. I looked at the logs and noticed numerous attempts to login. I tried myself with a different account entering a wrong password and the logs showed 3 attempts, not 1. Is this normal? I set the Local Security to 5 invalid attempts but if one incorrect login counts 3, I would have to triple the Invalid Attempts to allow 5 incorrect passwords, no? Thanks, Ben
Can you post the log here ?
-- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ [quoted text, click to view] "Ben" <b_gardy*REMOVE*@hotmail.com> wrote in message news:ekSrJO0KFHA.576@TK2MSFTNGP15.phx.gbl... >I am running IIS5.0 with windows user accounts for FTP login. I had a >problem with a user complaining about not being able to connect. I checked >the users account and it was locked out. I looked at the logs and noticed >numerous attempts to login. I tried myself with a different account >entering a wrong password and the logs showed 3 attempts, not 1. Is this >normal? I set the Local Security to 5 invalid attempts but if one incorrect >login counts 3, I would have to triple the Invalid Attempts to allow 5 >incorrect passwords, no? > > Thanks, > > Ben >
Sorry for the delay posting the logs. Busy busy busy.
19:17:16 216.113.xxx.xxx [2220]USER useraccount 331 19:17:16 216.113.xxx.xxx [2220]PASS - 530 19:17:16 216.113.xxx.xxx [2221]USER useraccount 331 19:17:16 216.113.xxx.xxx [2221]PASS - 530 19:17:16 216.113.xxx.xxx [2222]USER useraccount 331 19:17:16 216.113.xxx.xxx [2222]PASS - 530 19:17:18 216.113.xxx.xxx [2223]USER useraccount 331 19:17:18 216.113.xxx.xxx [2223]PASS - 530 19:17:18 216.113.xxx.xxx [2224]USER useraccount 331 19:17:18 216.113.xxx.xxx [2224]PASS - 530 19:17:18 216.113.xxx.xxx [2225]USER useraccount 331 19:17:18 216.113.xxx.xxx [2225]PASS - 530 19:17:19 216.113.xxx.xxx [2226]USER useraccount 331 19:17:19 216.113.xxx.xxx [2226]PASS - 530 19:17:19 216.113.xxx.xxx [2227]USER useraccount 331 19:17:19 216.113.xxx.xxx [2227]PASS - 530 19:17:19 216.113.xxx.xxx [2228]USER useraccount 331 19:17:19 216.113.xxx.xxx [2228]PASS - 530 19:17:19 216.113.xxx.xxx [2229]USER useraccount 331 19:17:19 216.113.xxx.xxx [2229]PASS - 530 19:17:19 216.113.xxx.xxx [2230]USER useraccount 331 19:17:19 216.113.xxx.xxx [2230]PASS - 530 19:17:22 216.113.xxx.xxx [2231]USER useraccount 331 19:17:22 216.113.xxx.xxx [2231]PASS - 530 19:17:27 216.113.xxx.xxx [2232]USER useraccount 331 19:17:27 216.113.xxx.xxx [2232]PASS - 530 19:17:37 216.113.xxx.xxx [2233]USER useraccount 331 19:17:37 216.113.xxx.xxx [2233]PASS - 530 19:18:50 24.108.xxx.xxx [2234]USER useraccount 331 19:18:50 24.108.xxx.xxx [2234]PASS - 530 19:18:50 24.108.xxx.xxx [2235]USER useraccount 331 19:18:50 24.108.xxx.xxx [2235]PASS - 530 19:19:06 24.108.xxx.xxx [2236]USER useraccount 331 19:19:06 24.108.xxx.xxx [2236]PASS - 530 19:24:53 24.108.xxx.xxx [2237]USER myaccount 331 19:24:53 24.108.xxx.xxx [2237]PASS - 530 19:24:58 24.108.xxx.xxx [2238]USER myaccount 331 19:24:58 24.108.xxx.xxx [2238]PASS - 530 Don't know if this is any help. Ben [quoted text, click to view] "Bernard" <qbernard@hotmail.com.discuss> wrote in message news:u0Rvry2KFHA.688@TK2MSFTNGP10.phx.gbl... > Can you post the log here ? > > -- > Regards, > Bernard Cheah > http://www.tryiis.com/ > http://support.microsoft.com/ > http://www.msmvps.com/bernard/ > > > "Ben" <b_gardy*REMOVE*@hotmail.com> wrote in message > news:ekSrJO0KFHA.576@TK2MSFTNGP15.phx.gbl... >>I am running IIS5.0 with windows user accounts for FTP login. I had a >>problem with a user complaining about not being able to connect. I checked >>the users account and it was locked out. I looked at the logs and noticed >>numerous attempts to login. I tried myself with a different account >>entering a wrong password and the logs showed 3 attempts, not 1. Is this >>normal? I set the Local Security to 5 invalid attempts but if one >>incorrect login counts 3, I would have to triple the Invalid Attempts to >>allow 5 incorrect passwords, no? >> >> Thanks, >> >> Ben >> > >
[quoted text, click to view]
"Ben" <b_gardy*REMOVE*@hotmail.com> wrote in message news:ekSrJO0KFHA.576@TK2MSFTNGP15.phx.gbl... >I am running IIS5.0 with windows user accounts for FTP login. I had a >problem with a user complaining about not being able to connect. I checked >the users account and it was locked out. I looked at the logs and noticed >numerous attempts to login. I tried myself with a different account >entering a wrong password and the logs showed 3 attempts, not 1. Is this >normal? I set the Local Security to 5 invalid attempts but if one incorrect >login counts 3, I would have to triple the Invalid Attempts to allow 5 >incorrect passwords, no? What FTP client are you using? Some clients may attempt to logon more than once, in case the initial rejection was just some fluke. Account lockouts should be used in the case where your passwords are sufficiently unsecure that you would rather have the account fail to logon and need resetting by a system administrator, than have a handful of guesses run against the password. Account lockouts are a deliberate denial of service to the user by the system administrator. There are many opinions on account lockouts, but if you use them, you have to be aware that this is the result of their use. The alternative to account lockouts is to ensure (through education and policy) that your users are creating strong passwords that cannot so easily be guessed. Alun. ~~~~ -- Software Design Engineer, Internet Information Server (FTP) This posting is provided "AS IS" with no warranties, and confers no rights.
Ok, now try this.
Err Msg: 530 User <Username> Cannot Log In. Login Failed. http://support.microsoft.com/?id=200475 -- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ [quoted text, click to view] "Ben" <b_gardy*REMOVE*@hotmail.com> wrote in message news:Ox2JJnWLFHA.544@TK2MSFTNGP10.phx.gbl... > Sorry for the delay posting the logs. Busy busy busy. > > 19:17:16 216.113.xxx.xxx [2220]USER useraccount 331 > 19:17:16 216.113.xxx.xxx [2220]PASS - 530 > 19:17:16 216.113.xxx.xxx [2221]USER useraccount 331 > 19:17:16 216.113.xxx.xxx [2221]PASS - 530 > 19:17:16 216.113.xxx.xxx [2222]USER useraccount 331 > 19:17:16 216.113.xxx.xxx [2222]PASS - 530 > 19:17:18 216.113.xxx.xxx [2223]USER useraccount 331 > 19:17:18 216.113.xxx.xxx [2223]PASS - 530 > 19:17:18 216.113.xxx.xxx [2224]USER useraccount 331 > 19:17:18 216.113.xxx.xxx [2224]PASS - 530 > 19:17:18 216.113.xxx.xxx [2225]USER useraccount 331 > 19:17:18 216.113.xxx.xxx [2225]PASS - 530 > 19:17:19 216.113.xxx.xxx [2226]USER useraccount 331 > 19:17:19 216.113.xxx.xxx [2226]PASS - 530 > 19:17:19 216.113.xxx.xxx [2227]USER useraccount 331 > 19:17:19 216.113.xxx.xxx [2227]PASS - 530 > 19:17:19 216.113.xxx.xxx [2228]USER useraccount 331 > 19:17:19 216.113.xxx.xxx [2228]PASS - 530 > 19:17:19 216.113.xxx.xxx [2229]USER useraccount 331 > 19:17:19 216.113.xxx.xxx [2229]PASS - 530 > 19:17:19 216.113.xxx.xxx [2230]USER useraccount 331 > 19:17:19 216.113.xxx.xxx [2230]PASS - 530 > 19:17:22 216.113.xxx.xxx [2231]USER useraccount 331 > 19:17:22 216.113.xxx.xxx [2231]PASS - 530 > 19:17:27 216.113.xxx.xxx [2232]USER useraccount 331 > 19:17:27 216.113.xxx.xxx [2232]PASS - 530 > 19:17:37 216.113.xxx.xxx [2233]USER useraccount 331 > 19:17:37 216.113.xxx.xxx [2233]PASS - 530 > 19:18:50 24.108.xxx.xxx [2234]USER useraccount 331 > 19:18:50 24.108.xxx.xxx [2234]PASS - 530 > 19:18:50 24.108.xxx.xxx [2235]USER useraccount 331 > 19:18:50 24.108.xxx.xxx [2235]PASS - 530 > 19:19:06 24.108.xxx.xxx [2236]USER useraccount 331 > 19:19:06 24.108.xxx.xxx [2236]PASS - 530 > 19:24:53 24.108.xxx.xxx [2237]USER myaccount 331 > 19:24:53 24.108.xxx.xxx [2237]PASS - 530 > 19:24:58 24.108.xxx.xxx [2238]USER myaccount 331 > 19:24:58 24.108.xxx.xxx [2238]PASS - 530 > > Don't know if this is any help. > > Ben > > > "Bernard" <qbernard@hotmail.com.discuss> wrote in message > news:u0Rvry2KFHA.688@TK2MSFTNGP10.phx.gbl... >> Can you post the log here ? >> >> -- >> Regards, >> Bernard Cheah >> http://www.tryiis.com/ >> http://support.microsoft.com/ >> http://www.msmvps.com/bernard/ >> >> >> "Ben" <b_gardy*REMOVE*@hotmail.com> wrote in message >> news:ekSrJO0KFHA.576@TK2MSFTNGP15.phx.gbl... >>>I am running IIS5.0 with windows user accounts for FTP login. I had a >>>problem with a user complaining about not being able to connect. I >>>checked the users account and it was locked out. I looked at the logs and >>>noticed numerous attempts to login. I tried myself with a different >>>account entering a wrong password and the logs showed 3 attempts, not 1. >>>Is this normal? I set the Local Security to 5 invalid attempts but if one >>>incorrect login counts 3, I would have to triple the Invalid Attempts to >>>allow 5 incorrect passwords, no? >>> >>> Thanks, >>> >>> Ben >>> >> >> > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |