Serv-U Security Problems - IP Address Blocks

Here is a starting point for IP address to block.

I would very much like it if Solarwinds followed and implemented changes that the Forums come up with. However given I have seen messages that are 8 years old and I still do not see the requested features added I doubt that this will happen. I could give adjectives to describe Solarwinds, but what would be the point.

This post is to help the community that uses Serv-U and would like to increase there security by blocking a few IP addresses.

Best of Luck,

Tracybad-list.csv

  • You can add IP Acess rules to block IPs / ranges / networks in Serv-U at various different levels. However if it is a big list, you may want to add them to the server's firewall or a firewall outside of the server to prevent them connecting.

    It would be useful to have an ability to add large lists by importing into Serv-U rather than adding manually but the above are workarounds for you.

  • Hope this is On Topic - the rule to block a "user" who tries 4 times in 30 seconds and block for 5 minutes may punish a "person" but not a BOT

    Changing the rule to, 4 times in 8 seconds and block forever will not likely block a person, "what person tries 4 times in 8 seconds?", but this seems harsh, and may block a BOT, but not all BOTs; some are sophisticated and try on one IP, see when they're blocked and with a different IP then try 3 times every 60 seconds FOREVER

    There should be an unlimited number of Rules not One Rule. And with just a little bit of thinking, create a few rules that will make it difficult for BOTs to make too many attempts before they're blocked.

    And last shot on this, if the rule is 4 times in 8 seconds, the block does not occur until 8 seconds, so if a BOT tries 5 or more times, they should be immediately blocked, but what I've seen in the logs, is that the programmers setup to wait till 8 seconds (whatever the value is in seconds, I'm simply using 8 seconds here), the keyword "within" means for example 6 times in 7 seconds they're blocked, but that's not what happens.

    Please fix the bug, and add more rules.

    Thanks