I am a consultant and I support few SBS 2003 machines. Some of these machines need to run an FTP server which is fine except this is an attack target since there is no time delay after unsuccessful login attempts. I am seeing Event id 529 and 100 in the event viewer logs after these attempts. I have found that it is hacker who is using a script that tries serveral user ids and passwords to hack into the FTP server. The user id of Admin is the most frequently tried and more details can be found in this path C:\WINDOWS\system32\LogFiles\MSFTPSVC1. I am getting the hit for every 10 seconds for many hours at a time. So what I have done to keep my self safe is, I have renamed the server's admin account. I have insured all users that have permission to FTP server to have complex passwords and have also disabled anonumous FTP access. The querie that I have for you is that, where can I find any registry or policy setting or a script to use, so that I can start a time delay after each unsuccessful FTP login attempt? If you know anything about then please let me know? Thanks.
Bookmarks