About IP Lockouts

The IP Lockouts feature is designed to thwart dictionary attacks, which can shut down a server by flooding it with connection requests. WS_FTP Server can monitor connection attempts, identify possible abuse, and deny access to the FTP and SSH servers for the offending IP address.

You can set the criteria (connection attempts within a time period) which the IP Lockouts feature uses to block an IP address. If an IP address meets the criteria it is added to the Blacklist and blocked from further connection attempts. You can also specify how long an IP address remains on the blacklist.

Dictionary attacks are usually run by a script, which attempts to make connections randomly. When the connection attempts fail (due to being locked out), the script moves on to another server. So, in most cases, you do not need to keep the IP address in the Blacklist indefinitely. If a previous offender (IP address) tries again, the same IP Lockout Settings apply.

The Blacklist is maintained in the WS_FTP Server database and runs in memory whenever the FTP or SSH servers are running. For this reason, and because dictionary attacks are usually random, it is not necessary to keep entries in the Blacklist indefinitely.

For trusted IP addresses, you can bypass the IP Lockouts feature by adding the IP addresses to the Whitelist.

To enable IP Lockouts, see Configuring IP Lockouts.

We strongly recommend that the IP Lockouts feature be used instead of Access Control because IP Lockouts work at the server-level, blocking access when an offending IP address tries to establish a connection. As a result, the IP Lockouts feature is more efficient and secure, as it identifies an attack when the attack begins and it puts host resources out of reach.

When an IP address is added to Access Control and IP Lockouts is enabled, the IP address does not get added to the Blacklist. The Access Control setting will be used, so the IP address will be able to connect to the server, but then will be blocked at the host-level.