Yeah, right... Unfortunately from what I can read in the log the IP address
changes every day, so I believe that person is either using Dial-Up or there
are several twits trying to do the same thing.
Isn't there a way to tell MSFTPSVC to block unsuccessful login attempts from
the same IP after, say, 3 unsuccessful attempts within 1 min. for 120 secs.
or so?
TIA,
Axel Dahmen
---------------------------------------
"Rob Madison .actionitc.com>" <robmadison@<EATMESPAMMERS> schrieb im
Newsbeitrag news:33F651CB-3FBE-4218-AE1E-0E102F978B7C@microsoft.com...
[quoted text, click to view] > I hear you on this one. One of my clients has an FTP server running on
IIS6.
> They don't allow anonymous connections, so they'll have someone trying to
> connect, sometimes several hundred times in a 2 minute span. They'll use
> every possible variation of "Administrator" to gain access.
>
> Best thing you can do is look at the MSFTPSVC logs to find the IP address
of
> the attacker. Then use your firewall to block that IP.
>
> If someone were to write an app that looks at the MSFTPSVC logs and sees
the
> pattern of logon attempts and sends an alert to a server admin or, better
> yet, automaticall sets the rule in a firewall to block the IP, I'd buy it
in
> a heartbeat.
>
> Rob M.
>
> ----------------------------------------------
> Rob Madison, MCP MCSA
> Action I.T. Consulting
>
>
> "Axel Dahmen" wrote:
>
> > Hi,
> >
> > some sick person is bugging my FTP server on IIS5 with loads of
> > (unsuccessful) connection attempts (approx. 200,000 the last two
months). Is
> > there any way of stopping this nerd from steeling my processing time?
> >
> > TIA,
> > Axel Dahmen
> >
> >
> >
