-
FTP Hacking
I am a consultant and I support few SBS 2003 machines. Some of these machines need to run an FTP server which is fine except this is an attack target since there is no time delay after unsuccessful login attempts. I am seeing Event id 529 and 100 in the event viewer logs after these attempts. I have found that it is hacker who is using a script that tries serveral user ids and passwords to hack into the FTP server. The user id of Admin is the most frequently tried and more details can be found in this path C:\WINDOWS\system32\LogFiles\MSFTPSVC1. I am getting the hit for every 10 seconds for many hours at a time. So what I have done to keep my self safe is, I have renamed the server's admin account. I have insured all users that have permission to FTP server to have complex passwords and have also disabled anonumous FTP access. The querie that I have for you is that, where can I find any registry or policy setting or a script to use, so that I can start a time delay after each unsuccessful FTP login attempt? If you know anything about then please let me know? Thanks.
-
You can try to stop using Windows FTP and download and run Filezilla server that doesnt require windows authentication, better control. FileZilla FTP Server is a very good program and it provides no access to your AD, it also locks ips for 1 day after you specify how many attempts.
-
Re: FTP Hacking
Even I agree with the above reply, FileZilla FTP client offers a free and simple interface to use, that will also allow both beginners and advanced users to connect remotely to a server in order to download files. This application is particularly rich in features and supports drag and drop, SSL and SSH can resume updates and interrupted downloads including files of significant size (greater than 4GB).
Page generated in 1,714,309,559.69473 seconds with 11 queries