Page 1 of 2

Anti hammer and banlist (IP Access)

Posted: Fri Jan 07, 2011 4:37 am
by Djfx*
would it be possible to add a option to add a ip to the domain banlist if the anti-hammer rule get`s broken?

it`s a pretty good system to make a server a lot more secure!

thx!

Re: Anti hammer and banlist (IP Access)

Posted: Fri Jan 07, 2011 6:43 am
by FTP
If my understanding is right, you want to add the IP into domain banlist if it exceeds the max failed login tries. right?

Yes, Wing FTP Server can handle it of course, because Wing FTP Server supports Lua scripts and it is very flexible, you just need to add the following scripts into the Event "OnExceedUSERPASS":

local tabIPMask = c_GetIPMaskList("%Domain")
table.insert(tabIPMask,{"%IP",true})
c_SetIPMaskList("%Domain",tabIPMask)

Re: Anti hammer and banlist (IP Access)

Posted: Mon Jan 10, 2011 12:32 am
by Djfx*
yes that`s what i ment :)

alltho i didnt get it to work.. i tryed pasting it straight inn the Lua console. i changed from %Domain to %mydomain

i allso looked in the wing ftp root dir under lua but no sutch file as OnExceedUSERPASS

allso i got 4 domains up right now. how would the script look like if i`d like to add the ip`s to the global banlist instead of the domain specific list so the other domain`s wont be available nether??

thx for the help so far!
Dj

Re: Anti hammer and banlist (IP Access)

Posted: Mon Jan 10, 2011 3:31 am
by FTP
Hi, it is under "Domain -> Event Manager -> FTP(or HTTP, SSH) Events -> OnExceedUSERPASS"

Re: Anti hammer and banlist (IP Access)

Posted: Wed Feb 02, 2011 4:42 pm
by gockenbr
Sorry for piggy backing on the thread but I was looking to do the same type of thing. I entered in the lua scritpt:

local tabIPMask = c_GetIPMaskList("%Domain")
table.insert(tabIPMask,{"%IP",true})
c_SetIPMaskList("%Domain",tabIPMask)

as you suggested. It works great for the first IP it blocks. however any other IP that gets entered after goofs the list. It basically makes all other blank allows or denied statements. For instance if by default I have *.*.*.* set to allowed and a IP gets denied added via the above script, all connections seem to get blocked. When looking at the IP access list I see the line that I had put in for the default allow however the *.*.*.* now shows nothing. Any ideas?

Also it seems like this script adds the denied IP to the bottom of the list. I'd like it to add it to the top of the list so my default *.*.*.* allow stays at the bottom for its intended purpose.

Please advise.

Re: Anti hammer and banlist (IP Access)

Posted: Thu Feb 03, 2011 5:34 pm
by FTP
In such situation, allowing " *.*.*.* " doesn't make any sense, please remove this rule.

Re: Anti hammer and banlist (IP Access)

Posted: Thu Feb 03, 2011 8:12 pm
by gockenbr
Ok I removed the rule. Again everything works until a IP gets added via the script at which point all others still show the deny line but the IP's get removed.

-B

Re: Anti hammer and banlist (IP Access)

Posted: Fri Feb 04, 2011 7:17 am
by FTP
Which version of Wing FTP Server are you using? Still banned all the IPs?

Re: Anti hammer and banlist (IP Access)

Posted: Fri Feb 04, 2011 3:32 pm
by gockenbr
I have the lastest version 3.7.5 installed.

Yes it appears that all IP's get blocked once this happens. After doing some more testing after the initial IP gets blocked all appears to be fine. but once the second IP gets blocked it changes the deny statement for the first IP to allow and removes the IP information. Once that happens noone can connect to the server. I have screenshot and logs if you have somewhere for me to send them to.

Re: Anti hammer and banlist (IP Access)

Posted: Fri Feb 04, 2011 4:11 pm
by FTP
OK, please try the following code:

Code: Select all

local ipmasks = c_GetIPMaskList("%Domain")
local domain_ipmasks = {}
if type(ipmasks) == "table" then
   for _,ipmask in pairs(ipmasks) do
      local temp = {}
      table.insert(temp,ipmask.ip)
      table.insert(temp,ipmask.refuse)
      table.insert(domain_ipmasks,temp)
   end
end
table.insert(domain_ipmasks,{"%IP",true})
c_SetIPMaskList("%Domain",domain_ipmasks)