Anti-hammer settings

Please post here if you have problems in using Wing FTP Server.

Anti-hammer settings

Postby webturtles » Wed Dec 16, 2009 9:39 pm

Hi
What is the best way to use the anti-hammer settings? I am getting hammered at certain times of the day (port 22), but the anti-hammer doesn't seem to stop the IP address in question!

Thanks
Chris
webturtles
 
posts 20
 
joined Fri Dec 11, 2009 10:34 pm

Re: Anti-hammer settings

Postby FTP » Thu Dec 17, 2009 3:30 am

How did you know Anti-Hammer taking no effect? Cound you paste your server log here?
FTP
Site Admin
 
posts 1202
 
joined Tue Sep 29, 2009 6:09 am

Re: Anti-hammer settings

Postby webturtles » Thu Dec 17, 2009 2:15 pm

Here is a flavour of my log. I do apologise, because it looks like the anti-hammer does work (600secs block after 2 tries in 3 secs) on the first couple of IPs, however it didn't stop 88.255.202.101 later on...? Looking through the logs there are various occasions where the anti-hammer doesn't work (e.g. IPs like 59.3.239.114, 218.95.101.87).
V. strange!! Any thoughts?

Thanks
Chris
[02] Wed, 16 Dec 2009 17:46:18 (0014651) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:46:18 (0014651) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:31 (0014653) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:32 (0014654) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:32 (0014653) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:33 IP address:87.194.151.151 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 17:49:33 (0014655) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:33 (0014654) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:33 (0014655) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 19:17:49 (0015554) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:49 (0015555) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:49 (0015554) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 19:17:50 IP address:78.110.170.108 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 19:17:50 (0015557) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:50 (0015555) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 19:17:50 (0015557) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 21:44:14 (0015569) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:44:14 (0015569) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:51:44 (0015572) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:48 (0015572) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:51:50 (0015574) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:51 (0015575) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:51 (0015574) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:01 (0015578) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:01 (0015575) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:04 (0015580) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:04 (0015578) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:06 (0015581) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:06 (0015580) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:07 (0015582) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:07 (0015581) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:17 (0015582) Closed session,disconnected from 88.255.202.101
webturtles
 
posts 20
 
joined Fri Dec 11, 2009 10:34 pm

Re: Anti-hammer settings

Postby FTP » Mon Dec 21, 2009 4:01 am

Hi,
Which version are you using now?
In 3.2.0 there is a bug about Anti-hammer.
When an IP address is blocked for continuous attempts to log with an invalid name or password, the session is not closed by server.
We have fixed it in the latest version 3.2.4.
Please download it and try again.

Best regards
FTP
Site Admin
 
posts 1202
 
joined Tue Sep 29, 2009 6:09 am

Re: Anti-hammer settings

Postby webturtles » Mon Dec 21, 2009 3:20 pm

I have upgraded, and since then a few bans have gone through then the same IP has hammered the server throughout the day and is not being picked up. Is a simple stop/start of the Wing FTP service enough to get the mods online? The message banner is saying it is version 3.2.4.
Thanks
Chris
webturtles
 
posts 20
 
joined Fri Dec 11, 2009 10:34 pm

Re: Anti-hammer settings

Postby FTP » Thu Dec 24, 2009 8:53 am

Hi,
Actually, the server blocked the IP, but the log failed to show this information.
We will fix it in the next version

Thanks for your reporting.
Best Regards
FTP
Site Admin
 
posts 1202
 
joined Tue Sep 29, 2009 6:09 am


Return to Support

Who is online

Users browsing this forum: Majestic-12 [Bot] and 1 guest