Protecting Against Brute Force Attacks - KB Article #1685
Related Articles: 1098, 1304, 1467, 1069
Brute Force Protection In Serv-U
A Brute Force attack is an attempt by a cracker to gain illegitimate access to your system by attempting to log in using random usernames in rapid succession. The best way to prevent illegitimate access to your server is to:
- Regularly audit your user list to ensure that all users have been given proper permissions.
- Enable the "Require complex passwords" option in your domain settings under Limits & Settings | Limits | Passwords | "Require complex passwords".
- Enable minimum password length requirements under Limits & Settings | Limits | Passwords | "Minimum password length". Six characters or more is considered more secure.
- Enable password expirations under Limits & Settings | Limits | Passwords | "Automatically expire password" to reduce the likelihood of a compromised password being used for an extended period of time.
- Enable "anti-hammering" under Server Limits & Settings | Settings.
Blocked IP addresses will appear in the IP Access tab from Domain Details.
With these measures in place, only authorized users have accounts, all users have difficult-to-guess passwords, compromised passwords expire automatically, short passwords are no longer a security threat, and persistent brute-force attempts are blocked automatically.
In some cases, automated FTP processes or procedures may accidentally trigger this anti-hammering feature, preventing critical processes from running. Serv-U 9.0 and above counteract this by not automatically blocking hosts that are explicitly allowed in the Serv-U IP Access list. To specify a host that should always be able to connect:
- Open the Server Details | IP Access menu
- Add a new "Allow" rule for the IP address of the host (or hosts) that will be making frequent connections. Also add an "Allow" rule for "*" so that general users who do not trip the anti-hammering rule are not blocked.
- Click "Save"
- Add a new "Allow" rule for "*" (without the quotation marks), and make sure it's on the bottom of the list
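As an added illustration (not Serv-U's own code), the following Python model replays constructed failed-login events against an ordered IP Access list shaped like the one above: the first matching rule wins, an explicit "Allow" exempts that host from auto-blocking, and the catch-all "Allow *" at the bottom does not. The failure threshold, time window, block duration and all IP addresses are assumptions for the example.

```python
from collections import defaultdict, deque
from fnmatch import fnmatch

# Ordered IP Access list as the article describes: a specific "Allow" for the
# automation host, then a catch-all "Allow *" at the bottom. First match wins.
# (10.0.0.5 is a constructed address, not taken from the article.)
IP_ACCESS = [("Allow", "10.0.0.5"), ("Allow", "*")]

# Constructed failed-login events: (timestamp_seconds, client_ip).
# 203.0.113.9 hammers, 10.0.0.5 is the allowed automation host doing the same,
# 198.51.100.7 is an ordinary user with two spaced-out typos.
FAILED_LOGINS = [(0, "203.0.113.9"), (1, "203.0.113.9"), (2, "203.0.113.9"),
                 (3, "203.0.113.9"), (4, "203.0.113.9"),
                 (0, "10.0.0.5"), (1, "10.0.0.5"), (2, "10.0.0.5"),
                 (3, "10.0.0.5"), (4, "10.0.0.5"),
                 (0, "198.51.100.7"), (30, "198.51.100.7")]

def match_rule(ip, rules):
    """Return the first (action, pattern) whose pattern matches ip, or None."""
    for action, pattern in rules:
        if fnmatch(ip, pattern):
            return action, pattern
    return None

def is_exempt(ip, rules):
    """Assumed model of the article's exemption: a host escapes auto-blocking
    only when an explicit Allow rule (not the catch-all '*') matches it first."""
    hit = match_rule(ip, rules)
    return hit is not None and hit[0] == "Allow" and hit[1] != "*"

def anti_hammer(events, rules, max_failures=5, window=60, block_for=600):
    """Replay failed logins in time order; block an IP once it reaches
    max_failures within `window` seconds unless it is exempt.
    Thresholds are assumptions, not Serv-U defaults.
    Returns {ip: unblock_timestamp} for the IPs that were blocked."""
    recent = defaultdict(deque)   # per-IP sliding window of failure times
    blocked = {}
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while q and q[0] < ts - window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and not is_exempt(ip, rules):
            blocked[ip] = ts + block_for
    return blocked

if __name__ == "__main__":
    print(anti_hammer(FAILED_LOGINS, IP_ACCESS))  # only 203.0.113.9 is blocked
```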