Anti-hammer settings

webturtles
Posts: 20
Joined: Fri Dec 11, 2009 10:34 pm

Anti-hammer settings

Post by webturtles »

Hi
What is the best way to use the anti-hammer settings? I am getting hammered at certain times of the day (port 22), but the anti-hammer doesn't seem to stop the IP address in question!

Thanks
Chris
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Anti-hammer settings

Post by FTP »

How did you know Anti-Hammer is taking no effect? Could you paste your server log here?
webturtles
Posts: 20
Joined: Fri Dec 11, 2009 10:34 pm

Re: Anti-hammer settings

Post by webturtles »

Here is a flavour of my log. I do apologise, because it looks like the anti-hammer does work (600secs block after 2 tries in 3 secs) on the first couple of IPs, however it didn't stop 88.255.202.101 later on...? Looking through the logs there are various occasions where the anti-hammer doesn't work (e.g. IPs like 59.3.239.114, 218.95.101.87).
V. strange!! Any thoughts?

Thanks
Chris
[02] Wed, 16 Dec 2009 17:46:18 (0014651) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:46:18 (0014651) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:31 (0014653) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:32 (0014654) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:32 (0014653) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:33 IP address:87.194.151.151 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 17:49:33 (0014655) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:33 (0014654) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 17:49:33 (0014655) Closed session,disconnected from 87.194.151.151
[02] Wed, 16 Dec 2009 19:17:49 (0015554) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:49 (0015555) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:49 (0015554) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 19:17:50 IP address:78.110.170.108 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 19:17:50 (0015557) Connected from 78.110.170.108 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 19:17:50 (0015555) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 19:17:50 (0015557) Closed session,disconnected from 78.110.170.108
[02] Wed, 16 Dec 2009 21:44:14 (0015569) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:44:14 (0015569) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:51:44 (0015572) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:48 (0015572) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:51:50 (0015574) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:51 (0015575) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:51 (0015574) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:01 (0015578) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:01 (0015575) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:04 (0015580) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:04 (0015578) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:06 (0015581) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:06 (0015580) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:07 (0015582) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:07 (0015581) Closed session,disconnected from 88.255.202.101
[02] Wed, 16 Dec 2009 21:52:17 (0015582) Closed session,disconnected from 88.255.202.101
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Anti-hammer settings

Post by FTP »

Hi,
Which version are you using now?
In 3.2.0 there is a bug in Anti-hammer.
When an IP address is blocked for continuous attempts to log in with an invalid name or password, the session is not closed by the server.
We have fixed it in the latest version 3.2.4.
Please download it and try again.

Best regards
webturtles
Posts: 20
Joined: Fri Dec 11, 2009 10:34 pm

Re: Anti-hammer settings

Post by webturtles »

I have upgraded, and since then a few bans have gone through, then the same IP has hammered the server throughout the day and is not being picked up. Is a simple stop/start of the Wing FTP service enough to get the mods online? The message banner is saying it is version 3.2.4.
Thanks
Chris
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Anti-hammer settings

Post by FTP »

Hi,
Actually, the server blocked the IP, but the log failed to show this information.
We will fix it in the next version.

Thanks for your report.
Best Regards
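
Added example (not part of the thread and not Wing FTP Server code): a log audit that lists IPs which reached the anti-hammer threshold quoted above (2 tries in 3 seconds) without a matching "is blocked" line. It assumes each "Connected from" line counts as one try; the function name `unlogged_triggers` and the `grace` parameter are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Excerpt of the log posted above (connection and block lines only).
SAMPLE_LOG = """\
[02] Wed, 16 Dec 2009 17:49:31 (0014653) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:32 (0014654) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 17:49:33 IP address:87.194.151.151 is blocked for 600 seconds.
[02] Wed, 16 Dec 2009 17:49:33 (0014655) Connected from 87.194.151.151 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:44 (0015572) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:50 (0015574) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:51:51 (0015575) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
[02] Wed, 16 Dec 2009 21:52:01 (0015578) Connected from 88.255.202.101 (local address 89.151.xxx.xx, port 22)
"""

LINE = re.compile(r"^\[\d+\] \w{3}, (\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) (.*)$")
CONNECT = re.compile(r"^\(\d+\) Connected from (\S+) ")
BLOCK = re.compile(r"^IP address:(\S+) is blocked for (\d+) seconds\.")

def unlogged_triggers(log_text, tries=2, window=3, grace=2):
    """Map each IP to the times it reached `tries` connections within `window`
    seconds with no block line covering that moment (assumed counting rule)."""
    connects, blocks = defaultdict(list), defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip anything that is not a timestamped log line
        ts = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
        if c := CONNECT.match(m.group(2)):
            connects[c.group(1)].append(ts)
        elif b := BLOCK.match(m.group(2)):
            blocks[b.group(1)].append((ts, timedelta(seconds=int(b.group(2)))))
    findings = {}
    for ip, times in connects.items():
        times.sort()
        for i in range(tries - 1, len(times)):
            t = times[i]
            if t - times[i - tries + 1] > timedelta(seconds=window):
                continue  # threshold not reached at this connection
            # Covered if a block was logged shortly after, or is still active.
            covered = any(b - timedelta(seconds=grace) <= t <= b + dur
                          for b, dur in blocks[ip])
            if not covered:
                findings.setdefault(ip, []).append(t)
    return findings

if __name__ == "__main__":
    print(unlogged_triggers(SAMPLE_LOG))
```

Per the last reply in the thread, a missing block line does not prove the IP was not blocked, so treat each finding as a prompt to confirm enforcement at the firewall or with a packet capture.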