Serv-U Security Problems - IP Address Blocks

Here is a starting point for IP address to block.

I would very much like it if Solarwinds followed and implemented changes that the Forums come up with. However given I have seen messages that are 8 years old and I still do not see the requested features added I doubt that this will happen. I could give adjectives to describe Solarwinds, but what would be the point.

This post is to help the community that uses Serv-U and would like to increase there security by blocking a few IP addresses.

Best of Luck,

Tracybad-list.csv

Parents
  • Hope this is On Topic - the rule to block a "user" who tries 4 times in 30 seconds and block for 5 minutes may punish a "person" but not a BOT

    Changing the rule to, 4 times in 8 seconds and block forever will not likely block a person, "what person tries 4 times in 8 seconds?", but this seems harsh, and may block a BOT, but not all BOTs; some are sophisticated and try on one IP, see when they're blocked and with a different IP then try 3 times every 60 seconds FOREVER

    There should be an unlimited number of Rules not One Rule. And with just a little bit of thinking, create a few rules that will make it difficult for BOTs to make too many attempts before they're blocked.

    And last shot on this, if the rule is 4 times in 8 seconds, the block does not occur until 8 seconds, so if a BOT tries 5 or more times, they should be immediately blocked, but what I've seen in the logs, is that the programmers setup to wait till 8 seconds (whatever the value is in seconds, I'm simply using 8 seconds here), the keyword "within" means for example 6 times in 7 seconds they're blocked, but that's not what happens.

    Please fix the bug, and add more rules.

    Thanks

Reply
  • Hope this is On Topic - the rule to block a "user" who tries 4 times in 30 seconds and block for 5 minutes may punish a "person" but not a BOT

    Changing the rule to, 4 times in 8 seconds and block forever will not likely block a person, "what person tries 4 times in 8 seconds?", but this seems harsh, and may block a BOT, but not all BOTs; some are sophisticated and try on one IP, see when they're blocked and with a different IP then try 3 times every 60 seconds FOREVER

    There should be an unlimited number of Rules not One Rule. And with just a little bit of thinking, create a few rules that will make it difficult for BOTs to make too many attempts before they're blocked.

    And last shot on this, if the rule is 4 times in 8 seconds, the block does not occur until 8 seconds, so if a BOT tries 5 or more times, they should be immediately blocked, but what I've seen in the logs, is that the programmers setup to wait till 8 seconds (whatever the value is in seconds, I'm simply using 8 seconds here), the keyword "within" means for example 6 times in 7 seconds they're blocked, but that's not what happens.

    Please fix the bug, and add more rules.

    Thanks

Children
No Data