Hi
What is the best way to use the anti-hammer settings? I am getting hammered at certain times of the day (port 22), but the anti-hammer doesn't seem to stop the IP address in question!
Thanks
Chris
Anti-hammer settings
-
- Site Admin
- Posts: 2080
- Joined: Tue Sep 29, 2009 6:09 am
Re: Anti-hammer settings
How did you know Anti-Hammer taking no effect? Cound you paste your server log here?
-
- Posts: 20
- Joined: Fri Dec 11, 2009 10:34 pm
Re: Anti-hammer settings
Here is a flavour of my log. I do apologise, because it looks like the anti-hammer does work (600secs block after 2 tries in 3 secs) on the first couple of IPs, however it didn't stop 88.255.202.101 later on...? Looking through the logs there are various occasions where the anti-hammer doesn't work (e.g. IPs like 59.3.239.114, 218.95.101.87).
V. strange!! Any thoughts?
Thanks
Chris
[02] Wed, 16 Dec 2009 17:46:18 (0014651) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:46:18 (0014651) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:31 (0014653) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:32 (0014654) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:32 (0014653) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:33 IP address:87.194.151.151 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 17:49:33 (0014655) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:33 (0014654) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:33 (0014655) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 19:17:49 (0015554) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:49 (0015555) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:49 (0015554) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 19:17:50 IP address:78.110.170.108 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 19:17:50 (0015557) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:50 (0015555) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 19:17:50 (0015557) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 21:44:14 (0015569) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:44:14 (0015569) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:51:44 (0015572) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:48 (0015572) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:51:50 (0015574) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:51 (0015575) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:51 (0015574) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:01 (0015578) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:01 (0015575) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:04 (0015580) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:04 (0015578) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:06 (0015581) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:06 (0015580) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:07 (0015582) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:07 (0015581) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:17 (0015582) Closed session,disconnected from 88.255.202.101
V. strange!! Any thoughts?
Thanks
Chris
[02] Wed, 16 Dec 2009 17:46:18 (0014651) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:46:18 (0014651) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:31 (0014653) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:32 (0014654) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:32 (0014653) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:33 IP address:87.194.151.151 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 17:49:33 (0014655) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:33 (0014654) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:33 (0014655) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 19:17:49 (0015554) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:49 (0015555) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:49 (0015554) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 19:17:50 IP address:78.110.170.108 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 19:17:50 (0015557) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:50 (0015555) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 19:17:50 (0015557) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 21:44:14 (0015569) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:44:14 (0015569) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:51:44 (0015572) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:48 (0015572) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:51:50 (0015574) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:51 (0015575) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:51 (0015574) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:01 (0015578) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:01 (0015575) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:04 (0015580) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:04 (0015578) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:06 (0015581) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:06 (0015580) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:07 (0015582) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:07 (0015581) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:17 (0015582) Closed session,disconnected from 88.255.202.101
-
- Site Admin
- Posts: 2080
- Joined: Tue Sep 29, 2009 6:09 am
Re: Anti-hammer settings
Hi,
Which version are you using now?
In 3.2.0 there is a bug about Anti-hammer.
When an IP address is blocked for continuous attempts to log with an invalid name or password, the session is not closed by server.
We have fixed it in the latest version 3.2.4.
Please download it and try again.
Best regards
Which version are you using now?
In 3.2.0 there is a bug about Anti-hammer.
When an IP address is blocked for continuous attempts to log with an invalid name or password, the session is not closed by server.
We have fixed it in the latest version 3.2.4.
Please download it and try again.
Best regards
-
- Posts: 20
- Joined: Fri Dec 11, 2009 10:34 pm
Re: Anti-hammer settings
I have upgraded, and since then a few bans have gone through then the same IP has hammered the server throughout the day and is not being picked up. Is a simple stop/start of the Wing FTP service enough to get the mods online? The message banner is saying it is version 3.2.4.
Thanks
Chris
Thanks
Chris
-
- Site Admin
- Posts: 2080
- Joined: Tue Sep 29, 2009 6:09 am
Re: Anti-hammer settings
Hi,
Actually, the server blocked the IP, but the log failed to show this information.
We will fix it in the next version
Thanks for your reporting.
Best Regards
Actually, the server blocked the IP, but the log failed to show this information.
We will fix it in the next version
Thanks for your reporting.
Best Regards