Start a new topic

Problem with disabled accounts

markus @ Thu Jun 26 04:43:34 EEST 2014
We currently use the default setting for the bann/hammering of IP adresses and also the default setting for disabling the account in the restriction section of the user.
And i happens quite often that a account has been blocked, during the following steps.
A client tries first as user anonymous ~5 - 10 times and then the same client use the username and Password (seems a default setting for some FTP Clients). But during the anonymous logon tries the ip address is banned, and it looks like that the same procedure also disable the user.

So the question is how to configure it in the right way, that the user will only blocked if a wrong password is used.

And how to create an alert if a user is disabled. I found only a predefined alert if an ip is banned.

regards
Markus

spinkb @ Thu Jun 26 04:45:49 EEST 2014
Do you have a screenshot of your banning settings?

Its not normal that a default connection forma client will trigger a ban.

Also, what exact CrushFTP version is this?

Thanks,
Ben
markus @ Thu Jun 26 05:30:12 EEST 2014
In the screenshot you see also the Version nr.
http://212.108.34.107/?u=d7HAvX&p=zYslMp&path=/bann-setting.JPG

Do you have any Information to create an alert if a users is deactivated during to many logon failures?
Regards
Markus
spinkb @ Thu Jun 26 05:48:19 EEST 2014
I would lower all your attempts to "in 5 seconds" as a robot would exceed that limit, and that is what your really trying to catch.

Accounts are not deactivated, but the user's IP is actually banned. You can make an alert in the prefs to notify you when an IP is banned if you like.

Thanks,
Ben
markus @ Thu Jun 26 05:55:05 EEST 2014
Ok i will lower it to 5 seconds and check monitor it
Login to post a comment