To protect your FTP server against password guessing attacks, you can enable a "Failed logins policy". This temporarily blocks the account if too many failed logins occur.
You can start up unFTP with the default failed logins policy:
By default, 3 subsequent unsuccessful login attempts block further login attempts for that user orginating from that source IP for 5 minutes.
How to adjust these parameters and the default policy is explained in the sections below.
To change this to block after
5 attempts instead of
unftp --failed-logins-policy --failed-max-attempts 5
To change this to block for 30 minutes (
1800 seconds) instead of 5 minutes (
unftp --failed-logins-policy --failed-expire-after 1800
By default, the temporary block applies to the combination of username and source IP. When an attacker is blocked by this policy, attempts to use other accounts, or attempts from different source IPs can still succeed. You can adjust this behavior by blocking based on source IP or username instead.
Block by source IP instead of both IP and username:
unftp --failed-logins-policy ip
Block by username instead of both IP and username:
unftp --failed-logins-policy user
Be aware that user level -only blocking may also affect legitimate login attempts.
Block an attacker based on source IP for 30 minutes after 5 unsuccessful login attempts:
unftp \ --failed-logins-policy ip \ --failed-max-attempts 5 \ --failed-expire-after 1800
Powered by Doctave