How to block brute force attacks on SBS 2003 FTP server?


  • How to block brute force attacks on SBS 2003 FTP server?

    I have a small network centering around an SBS 2003 box. I have a web server setup and an FTP server each assigned their own Static IP (ISP issued).
    I opened up the event viewer yesterday and noticed that my "security events" were filling rapidly.
    .

  • #2
    Re: How to block brute force attacks on SBS 2003 FTP server?

    Hello and Welcome to Petri's, we hope we can be of help.

    First to start with, we will need to know a little more than what you have told us.

    First, what type of firewall do you use, as well as AntiVirus?
    2nd, the security log will always fill up quickly. Was it hundreds and hundreds of failed items, all from the same IP address?

    If we could get a few screen shots of the events (please block out domain and user details, as well as public IPs) we could tell you if there is something to worry about, or if it's perfectly normal (example: Trend Micro will post a few hundred failed security items if its loopback detector is enabled).

    Wofen
    Good to be back....



    • #3
      Re: How to block brute force attacks on SBS 2003 FTP server?

      Hi, and welcome.

      If you set up FTP access into any server, there are always, no matter who you are, thousands of brute force attacks to try and get in; this has been the case for years now.

      With different FTP programs, such as "FileZilla", which is free, you can specify how many failed attempts someone is allowed and then what to do when the threshold is reached.

      Unfortunately, with FTP in SBS 2003, this is not the case.

      My guess is you have opened up port 21 direct to your SBS server and now you are getting harassed.

      In my opinion you have many options, but here are a few of the easy ones:

      1. Only allow port 21 on your firewall from trusted sources. Who needs to access the FTP site?

      2. Put your FTP server in a DMZ where no harm can be done to your internal network if someone were to successfully get in via brute force.

      3. This is the one I generally go with in your situation, and that is to install FileZilla. Much more control for no cost.

      I don't know what everyone else thinks, but having an SBS server facing the world with port 21 is a no-no.

      Thanks

      Ste
      Steven Roberts
      IT Mercenary

      MCITP:EA|MCTS|MCSE 2003 (Messaging and Security)|MCSA 2003 (Messaging and Security)|MCP|Prince2 Practitioner

      Don't forget to click on the Yin-Yang icon to leave reputation points if you think my advice has been worthwhile!



      • #4
        Re: How to block brute force attacks on SBS 2003 FTP server?

        Please can you clarify what your setup is. The thread title suggests you have installed the FTP component of IIS on the SBS server, whereas your post suggests that FTP is installed on a separate server.

        What FTP server software are you using? What OS is it running on?
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



        • #5
          Re: How to block brute force attacks on SBS 2003 FTP server?

          Originally posted by mirilamax
          I have a small network centering around an SBS 2003 box. I have a web server setup and an FTP server each assigned their own Static IP (ISP issued).
          I opened up the event viewer yesterday and noticed that my "security events" were filling rapidly.
          .
          I implemented this script... http://blog.netnerds.net/2006/07/iis...administrator/ before trashing IIS FTP altogether. IMO IIS FTP is the worst FTP product on the market.

          The script does work though. You can expand it to include any account you want to trigger autoban.
          Andrew

          ** Remember to give credit where credit is due and leave reputation points where appropriate **
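
The failed-attempt threshold discussed in posts #3 and #5, as an added example (not code from the linked script or from any poster): it counts failed FTP logins per client IP in a W3C-format FTP log and lists the addresses that reach a threshold inside a time window, which is the list a firewall deny rule would be built from. The field layout, the sample lines, the threshold and the window are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the field layout is an assumption, read from #Fields.
SAMPLE_LOG = """\
#Date: 2010-01-01 00:00:00
#Fields: time c-ip cs-method cs-uri-stem sc-status
00:00:01 192.0.2.10 [1]USER administrator 331
00:00:02 192.0.2.10 [1]PASS - 530
00:00:03 192.0.2.10 [2]USER administrator 331
00:00:04 192.0.2.10 [2]PASS - 530
00:00:05 192.0.2.10 [3]USER admin 331
00:00:06 192.0.2.10 [3]PASS - 530
00:05:00 198.51.100.7 [4]USER alice 331
00:05:01 198.51.100.7 [4]PASS - 530
00:05:09 198.51.100.7 [5]USER alice 331
00:05:10 198.51.100.7 [5]PASS - 230
"""

def failed_logins(log_text):
    """Yield (timestamp, client_ip) for each PASS command answered with 530."""
    fields, day = [], "1970-01-01"
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#Date:"):
            day = line.split()[1]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            # cs-method looks like "[12]PASS"; drop the session counter.
            command = row.get("cs-method", "").rpartition("]")[2].upper()
            if command == "PASS" and row.get("sc-status") == "530":
                when = datetime.strptime(day + " " + row["time"], "%Y-%m-%d %H:%M:%S")
                yield when, row["c-ip"]

def brute_force_sources(log_text, threshold=3, window=timedelta(minutes=1)):
    """Return {ip: peak failures inside any window} for IPs at or over threshold."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for when, ip in failed_logins(log_text):  # log lines are in time order
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # forget failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in brute_force_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins within one minute")
```

A single mistyped password, like the one from 198.51.100.7 in the sample, stays under the threshold, so a legitimate user is not listed.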



          • #6
            Re: How to block brute force attacks on SBS 2003 FTP server?

            Best idea IMHO is DON'T put FTP on SBS. There are so many SkyDrives, X-Drives etc in the Internet, that I would put your info there and keep your SBS (more) secure.
            TIA

            Steven Teiger [SBS-MVP(2003-2009)]
            http://www.wintra.co.il/
            I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

            We don't stop playing because we grow old, we grow old because we stop playing.



            • #7
              Re: How to block brute force attacks on SBS 2003 FTP server?

              Hi,

              If possible, do create a new system, a Windows 2003, and set up SFTP on it ...

              Here is a complete guide...

              http://www.digitalmediaminute.com/ar...ver-on-windows

              Kathy



              • #8
                Re: How to block brute force attacks on SBS 2003 FTP server?

                Of course that assumes you have a spare server 2003 license and CALs available.

                I think Steven's solution is much more elegant and MUCH more secure.
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **
