The IP Lockouts feature is designed to thwart dictionary attacks, which can shut down a server by flooding it with connection requests. WS_FTP Server can monitor connection attempts, identify possible abuse, and deny access to the FTP and SSH servers for the offending IP address. For more information about this feature, see About IP Lockouts.
This page allows you to modify settings that determine if and when to block access from an IP address to your FTP and SSH servers. The settings on this page are applied to all listeners (FTP and SSH).
If you have installed the Ad Hoc Transfer Module, then you must reset Microsoft IIS before any changes you make to the IP Lockout settings will take effect for Ad Hoc Transfer users.
These settings determine when an IP address will be added to the Blacklist.
When an IP address reaches Connection attempts within the Time period, the IP address is added to the Blacklist. The IP address is removed from the Blacklist after the time period specified in Blacklist entries expire after.
Dictionary attacks are usually run by a script, which attempts to make connections randomly. When the connection attempts fail (due to being locked out), the script moves on to another server. So, in most cases, you do not need to keep the IP address in the Blacklist indefinitely. If a previous offender (IP address) tries again, the same IP Lockout Settings apply.
The Blacklist is maintained in the WS_FTP Server database and runs in memory whenever the FTP or SSH servers are running. For this reason, and because dictionary attacks are usually random, it is not necessary to keep entries in the Blacklist indefinitely.
This section is used to select one or more notifications to send when the system adds or removes IP addresses from the Deny List.
Note: The system will not trigger notifications when you manually add or remove an IP address. The system only notifies when an automatic addition or removal of an IP address occurs.