SolarWinds | Serv-U

Protecting Against Brute Force Attacks  -  KB Article #1685

Related Articles -- 1098, 1304, 1467, 1069

Brute Force Protection In Serv-U

A brute force attack is an attempt by a cracker to gain illegitimate access to your system by trying to log in using random usernames in rapid succession. The best way to prevent illegitimate access to your server is to:

  1. Regularly audit your user list to ensure that all users have been given proper permissions.
  2. Enable the "Require complex passwords" option in your domain settings under Limits & Settings | Limits | Passwords | "Require complex passwords".
  3. Enable minimum password length requirements under Limits & Settings | Limits | Passwords | "Minimum password length". Six characters or more is considered more secure.
  4. Enable password expirations under Limits & Settings | Limits | Passwords | "Automatically expire password" to reduce the likelihood of a compromised password being used for an extended period of time.
  5. Enable "anti-hammering" under Server Limits & Settings | Settings.

Blocked IP addresses will appear in the IP Access tab from Domain Details.

With these settings in place, only authorized users have accounts, all users have difficult-to-guess passwords, compromised passwords expire automatically, short passwords are no longer present as a security threat, and persistent brute-force attempts are blocked automatically.

Adding Exceptions

In some cases, automated FTP processes or procedures may accidentally trigger this anti-hammering feature, preventing critical processes from running. Serv-U 9.0 and above counteract this by not automatically blocking users who are allowed in the Serv-U IP Access list. To specify a host who should always be able to connect:

  1. Open the Server Details | IP Access menu
  2. Add a new "Allow" rule for the IP Address of the host (or hosts) that will be making frequent connections. Also add an "Allow" rule for "*" so that general users who do not trip the anti-hammering rule are not blocked.
  3. Click "Save"
  4. Add a new "Allow" rule for "*" (without the quotation marks), and make sure it's on the bottom of the list
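
To find out in advance which automated hosts would need an "Allow" exception, the anti-hammering idea can be modelled over your login records. This is an added example, not Serv-U code: the log format, the threshold (3 failed logins in 60 seconds) and the function name are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not Serv-U's real log format):
# ISO timestamp, client IP, login result.
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.9 FAIL
2024-01-01T10:00:05 203.0.113.9 FAIL
2024-01-01T10:00:09 198.51.100.20 FAIL
2024-01-01T10:00:10 203.0.113.9 FAIL
2024-01-01T10:00:12 198.51.100.20 FAIL
2024-01-01T10:00:15 198.51.100.20 FAIL
2024-01-01T10:00:20 192.0.2.55 FAIL
2024-01-01T10:00:30 192.0.2.55 OK
2024-01-01T10:06:00 192.0.2.55 FAIL
2024-01-01T10:07:30 192.0.2.55 FAIL
"""

def find_hammering(log_text, max_failures=3, window_s=60, exempt=()):
    """Return {ip: time the threshold was reached} for non-exempt hosts.

    Assumed rule: a host is blocked once it accumulates max_failures
    failed logins inside a sliding window of window_s seconds.
    Hosts listed in `exempt` model explicit "Allow" entries.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ip, result = line.split()
        if result != "FAIL" or ip in exempt or ip in blocked:
            continue
        now = datetime.fromisoformat(stamp)
        failures = recent[ip]
        failures.append(now)
        # Drop failures that have aged out of the window.
        while now - failures[0] > window:
            failures.popleft()
        if len(failures) >= max_failures:
            blocked[ip] = now
    return blocked

if __name__ == "__main__":
    print("no exceptions:", sorted(find_hammering(SAMPLE_LOG)))
    print("job host allowed:",
          sorted(find_hammering(SAMPLE_LOG, exempt={"198.51.100.20"})))
```

In the sample, 198.51.100.20 stands in for a scheduled transfer job with a stale password: it trips the rule unless it is exempted, while 192.0.2.55, whose failures are spread over several minutes, never does.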