Better defences against bruteforce FTP Attacks RRS feed

  • Question

  • User467693768 posted

    It blows my mind that IIS has an FTP Service that doesn't have a single defence against password bruteforce attacks. 

    10 days after spinning up my FTP server, i've gotten several attacks were a single IP have tried 200+ user/password combinations. 

    so far, the only bad thing that has happened is that i've gained some rather large LOG files, but no one has gotten through - luckely i have strong passwords. 

    So my feature request is obviously some options to automatically block hackers by their IP, after X failed attempts. 

    More options to block attackers are welcome too !


    IIS 8.0 solves this issue:  http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-ftp-logon-attempt-restrictions

    So i guess i have to upgrade to IIS 8.0 Express ... hmmm... i wonder what the difference to Win7 IIS 7.5 is.. 

    Tuesday, March 18, 2014 5:18 PM

All replies

  • User690216013 posted

    To be more specific, you need to upgrade to Windows Server 2012 and above.

    IIS 8 Express is a development server for HTTP/HTTPS so it does not support FTP at all.

    Tuesday, March 18, 2014 9:10 PM
  • User467693768 posted

    dammit... i knew something was missing in the express...

    Well, im NOT going to install Server 2012 nor Windows 8 ... its just too horrible to borther with. 

    I guess i'll continue my endeavour to extend IIS 7.5 with a custom Authentication :)

    Thanks !

    Wednesday, March 19, 2014 9:11 AM