
Anti-hammer settings

Posted: Wed Dec 16, 2009 9:39 pm
by webturtles
Hi
What is the best way to use the anti-hammer settings? I am getting hammered at certain times of the day (port 22), but the anti-hammer doesn't seem to stop the IP address in question!

Thanks
Chris

Re: Anti-hammer settings

Posted: Thu Dec 17, 2009 3:30 am
by FTP
How did you know Anti-Hammer is taking no effect? Could you paste your server log here?

Re: Anti-hammer settings

Posted: Thu Dec 17, 2009 2:15 pm
by webturtles
Here is a flavour of my log. I do apologise, because it looks like the anti-hammer does work (600secs block after 2 tries in 3 secs) on the first couple of IPs, however it didn't stop 88.255.202.101 later on...? Looking through the logs there are various occasions where the anti-hammer doesn't work (e.g. IPs like 59.3.239.114, 218.95.101.87).
V. strange!! Any thoughts?

Thanks
Chris
[02] Wed, 16 Dec 2009 17:46:18 (0014651) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:46:18 (0014651) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:31 (0014653) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:32 (0014654) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:32 (0014653) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:33 IP address:87.194.151.151 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 17:49:33 (0014655) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:33 (0014654) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:33 (0014655) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 19:17:49 (0015554) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:49 (0015555) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:49 (0015554) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 19:17:50 IP address:78.110.170.108 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 19:17:50 (0015557) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:50 (0015555) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 19:17:50 (0015557) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 21:44:14 (0015569) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:44:14 (0015569) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:51:44 (0015572) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:48 (0015572) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:51:50 (0015574) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:51 (0015575) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:51 (0015574) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:01 (0015578) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:01 (0015575) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:04 (0015580) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:04 (0015578) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:06 (0015581) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:06 (0015580) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:07 (0015582) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:07 (0015581) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:17 (0015582) Closed session,disconnected from 88.255.202.101

Re: Anti-hammer settings

Posted: Mon Dec 21, 2009 4:01 am
by FTP
Hi,
Which version are you using now?
In 3.2.0 there is a bug in Anti-hammer.
When an IP address is blocked for continuous attempts to log in with an invalid name or password, the session is not closed by the server.
We have fixed it in the latest version 3.2.4.
Please download it and try again.

Best regards

Re: Anti-hammer settings

Posted: Mon Dec 21, 2009 3:20 pm
by webturtles
I have upgraded, and since then a few bans have gone through, then the same IP has hammered the server throughout the day and is not being picked up. Is a simple stop/start of the Wing FTP service enough to get the mods online? The message banner is saying it is version 3.2.4.
Thanks
Chris

Re: Anti-hammer settings

Posted: Thu Dec 24, 2009 8:53 am
by FTP
Hi,
Actually, the server blocked the IP, but the log failed to show this information.
We will fix it in the next version.

Thanks for reporting.
Best Regards
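
Added example (not part of the original thread and not Wing FTP code): a small log audit that replays the "2 tries in 3 secs" rule mentioned above over lines in the posted log format and lists IPs that crossed the threshold with no "is blocked" line afterwards. The rule semantics (`tries` connections within `window` seconds, block line expected within `grace` seconds) and the names `audit`, `unlogged` and `SAMPLE` are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line shapes follow the log excerpt posted in this thread.
TS = r"^\[\d+\] (?P<ts>\w{3}, \d{2} \w{3} \d{4} [\d:]{8}) "
CONNECT = re.compile(TS + r"\(\d+\) Connected from (?P<ip>[\d.]+) ")
BLOCKED = re.compile(TS + r"IP address:(?P<ip>[\d.]+) is blocked for (?P<secs>\d+) seconds")

def audit(log_text, tries=2, window=3, grace=2):
    """Return [(ip, crossing_time, block_logged)] for each threshold crossing.
    Assumed rule: `tries` connections from one IP within `window` seconds
    should be followed by a block line within `grace` seconds."""
    recent, blocks, until, hits = defaultdict(deque), defaultdict(list), {}, []
    for line in log_text.splitlines():
        m = BLOCKED.match(line) or CONNECT.match(line)
        if not m:
            continue  # "Closed session" and other lines are not counted
        ts, ip = datetime.strptime(m["ts"], "%a, %d %b %Y %H:%M:%S"), m["ip"]
        if "secs" in m.groupdict():  # a logged block line
            blocks[ip].append(ts)
            until[ip] = ts + timedelta(seconds=int(m["secs"]))
            recent[ip].clear()
        elif ip not in until or ts >= until[ip]:  # ignore connects inside a logged block
            q = recent[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window:
                q.popleft()  # drop connections older than the window
            if len(q) >= tries:
                hits.append((ip, ts))
                q.clear()
    return [(ip, t, any(0 <= (b - t).total_seconds() <= grace for b in blocks[ip]))
            for ip, t in hits]

def unlogged(log_text, **rule):
    """IPs that crossed the threshold with no matching block line."""
    return sorted({ip for ip, _, logged in audit(log_text, **rule) if not logged})

# Constructed sample in the same format (documentation-range addresses).
SAMPLE = """\
[02] Wed, 16 Dec 2009 10:00:01 (0000001) Connected from 192.0.2.10 (local address 203.0.113.5, port 22)
[02] Wed, 16 Dec 2009 10:00:02 (0000002) Connected from 192.0.2.10 (local address 203.0.113.5, port 22)
[02] Wed, 16 Dec 2009 10:00:03 IP address:192.0.2.10 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 10:00:03 (0000003) Connected from 192.0.2.10 (local address 203.0.113.5, port 22)
[02] Wed, 16 Dec 2009 11:00:00 (0000004) Connected from 198.51.100.7 (local address 203.0.113.5, port 22)
[02] Wed, 16 Dec 2009 11:00:06 (0000005) Connected from 198.51.100.7 (local address 203.0.113.5, port 22)
[02] Wed, 16 Dec 2009 11:00:07 (0000006) Connected from 198.51.100.7 (local address 203.0.113.5, port 22)
[02] Wed, 16 Dec 2009 11:00:07 (0000004) Closed session,disconnected from 198.51.100.7
"""
```

The result reflects only what the log records: per the last reply in this thread, a block can be in effect without a log line, so an IP listed by `unlogged` is a prompt to confirm the block at the firewall or with a test connection.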