Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

FTP being hammered by...

Status
Not open for further replies.
ideasworking

ideasworking

Programmer
Dec 2, 2001
120
CA
Hello,

I was looking in the event viewer and I see that over the past several days someone has made about 80,000 attempts to gain access to my Win2003 server via FTP. I could block the FTP port at the firewall... but to be honest I'd like to keep it open as I often FTP to this server. What else can I do to discourage people from hammering this server?

Thanks,
Lou
 
Sort by date Sort by votes
Had the same issue, did some checking, and these are folks in Asia and some in Europe poking around looking for weak passwords to get into your server. Make sure your Administration password is strong.

You can try closing ranges of IP addresses from these places or close it to all but your IP address you are using to FTP.

Don Phillips
 
Upvote 0 Downvote
or you can change the port number to something not very common and only you would know unless they are port scanning, but even if you change it it may cut down on some of them.

Wm. Reynolds
RRWDS | TxPSS


- - - - - - - - - - - - -
Network Error:
Hit any user to continue
 
Upvote 0 Downvote
You could also close Port 21 on your firewall and then VPN into your server and then FTP from there. The speeds will be the same since you can only go as fast as your isps will allow you.
 
Upvote 0 Downvote
I'd do away with the FTP entirely.

What I do is use a web interface instead so I am using port 80. Using ASP code I can upload files to my server and have pages that automatically enumerate the files and create links to them for http access. The ASP pages are easy enough to password protect as well.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Upvote 0 Downvote
I had the same problem when I was running FTP via IIS and, in this respect MS sucks.

I went to a third part FTP server. Cerberus is free for non commercial use and I can block an IP address after X amount of hits (I set it up for 5 hits from the same IP, I block for 99 hours) and it works great. Definitely keeps away the riff-raff. If I see the same IP address (or IP range) more than once in the logs I just block the entire range. I have every IP class assigned in Korea, Russia and one other country I can't remember off the top of my head, blocked at my firewall. Good luck!

Cheers
Rob
 
Upvote 0 Downvote
Thanks to everyone. I am going to block port 21, it's the easiest most secure way to deal with the issue.

Cheers!
Lou
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
769
DrB0b
DrB0b
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
327
RRankin355
RRankin355
DrB0b
  • Locked
  • Question
FTP Issues
Replies
9
Views
625
SamBones
SamBones
Stijn
  • Locked
  • Question
No access from LAN to FTP-site with SSL
Replies
0
Views
180
Stijn
Stijn
1DMF
  • Locked
  • Question
FTP - home directory inaccessoible
Replies
1
Views
217
1DMF
1DMF

Part and Inventory Search

Sponsor

Back
Top