IP Lockout Settings

How to get here

The IP Lockouts feature is designed to thwart dictionary attacks, which can shut down a server by flooding it with connection requests. WS_FTP Server can monitor connection attempts, identify possible abuse, and deny access to the FTP and SSH servers for the offending IP address. For more information about this feature, see About IP Lockouts.

This page allows you to modify settings that determine if and when to block access from an IP address to your FTP and SSH servers. The settings on this page are applied to all listeners (FTP and SSH).

IP Lockout Settings

These settings determine when an IP address will be added to the Blacklist.

Failed connection attempts. Number of times the IP address attempts to connect to the listener and fails authentication, during the Time period.
Time period. If any one IP address reaches Failed connection attempts within the amount of time specified here, the IP address will be locked out from any further connection attempts.
Blacklist entries expire after. The amount of time after which a locked out IP address will be allowed to again attempt a connection.

When an IP address reaches Connection attempts within the Time period, the IP address is added to the Blacklist. The IP address is removed from the Blacklist after the time period specified in Blacklist entries expire after.

Dictionary attacks are usually run by a script, which attempts to make connections randomly. When the connection attempts fail (due to being locked out), the script moves on to another server. So, in most cases, you do not need to keep the IP address in the Blacklist indefinitely. If a previous offender (IP address) tries again, the same IP Lockout Settings apply.

The Blacklist is maintained in the WS_FTP Server database and runs in memory whenever the FTP or SSH servers are running. For this reason, and because dictionary attacks are usually random, it is not necessary to keep entries in the Blacklist indefinitely.

Blacklist Notifications

This section is used to select one or more notifications to send when IP address entries are added or removed from the Deny List.

Send a notification when
- An IP address is added to the Blacklist. Select this option to send a notification when an IP address is added to the Blacklist.
- An IP address is removed from the Blacklist. Select this option to send a notification when an IP address is removed from the Blacklist (when the entry meets the time specified in Blacklist entries expire after.
Notification. This list contains all of the notifications configured on the current host. Select the checkboxes beside the notifications you want to associate with this rule. To configure a new notification and associate it with this rule, click Create.

Whitelist

Search. Enter an IP address or part of an IP address and click Search to filter the Whitelist. To see a list of all addresses again, click Clear.
Table Columns - click on a column heading to sort in ascending or descending order.
- IP Address. This list contains IP address entries that are always allowed to connect to the server. For the Whitelist, the IP Lockout settings are ignored for these trusted IP addresses.
- Subnet Mask. Identifies the subnetwork (the local network) that the IP address belongs to.
Create. Add an IP address to the Whitelist.
Delete. Remove an IP address from the Whitelist or Blacklist.