This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

Serv-U Security Problems - IP Address Blocks

Here is a starting point for IP address to block.

I would very much like it if Solarwinds followed and implemented changes that the Forums come up with. However, given I have seen messages that are 8 years old and I still do not see the requested features added, I doubt that this will happen. I could give adjectives to describe Solarwinds, but what would be the point?

This post is to help the community that uses Serv-U and would like to increase their security by blocking a few IP addresses.

Best of Luck,

Tracy

bad-list.csv

  • Hope this is on topic: the rule to block a "user" who tries 4 times in 30 seconds and block for 5 minutes may punish a "person" but not a BOT.

    Changing the rule to 4 times in 8 seconds and block forever will not likely block a person ("what person tries 4 times in 8 seconds?"), but this seems harsh, and it may block a BOT, but not all BOTs; some are sophisticated and try on one IP, see when they're blocked, and then with a different IP try 3 times every 60 seconds FOREVER.

    There should be an unlimited number of rules, not one rule. And with just a little bit of thinking, create a few rules that will make it difficult for BOTs to make too many attempts before they're blocked.

    And a last shot on this: if the rule is 4 times in 8 seconds, the block does not occur until 8 seconds, so if a BOT tries 5 or more times they should be immediately blocked, but what I've seen in the logs is that the programmers set it up to wait till 8 seconds (whatever the value is in seconds; I'm simply using 8 seconds here). The keyword "within" means, for example, 6 times in 7 seconds and they're blocked, but that's not what happens.

    Please fix the bug, and add more rules.

    Thanks

  • This is a long overdue request found in previous posts as well, including "blacklisted" usernames, which should also trigger an immediate block, and country CIDR blocks.

  • Hear, hear!

    But the items to block by are too limited. Consider that what I've seen is hackers guessing at the user name; they could get lucky. And also what appears to be a bot set to get caught/blocked, but then use the default SW as key, and then work around it. And also a bug: if it was 4 tries in 6 minutes, the next attack was 3 tries every 10 minutes and was never caught, so there should be more than one rule to block. Consider that a user will not try 3-4 times in 30 seconds, but a bot will.

    For our install we have two domains: one is white-list only and works great, but we have another for our partners w/out static IPs, so we allow all and block by rule, but that catches only those that the rule catches. A few times a month I check for users not in our list and block those IPs.

    ...rant over, wish'n all a good day
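The two behaviours the posters above are asking for (a block that fires the instant the N-th failure lands inside the window rather than when the window elapses, and more than one rule so a slow "3 tries every 10 minutes" bot is caught by a second, longer window) are easy to state precisely as code. The following is an added example written for this thread, not Serv-U's own code, and the log format, IP addresses, user names and rule thresholds in it are constructed for illustration:

```python
"""Multi-rule sliding-window login blocker (added example, not Serv-U code).

Three constructed actors: a burst bot (7 failures in 7 s), a patient bot
(3 failures every 10 minutes) and a human who mistypes a password 3 times.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    attempts: int                   # block after this many failures ...
    window: timedelta               # ... that all fall inside this window ...
    block_for: Optional[timedelta]  # ... for this long (None = forever)


@dataclass
class Block:
    rule: str
    at: datetime
    until: Optional[datetime]       # None = forever


# Illustrative thresholds only (assumption, not Serv-U defaults).
RULES = [
    Rule("burst", 4, timedelta(seconds=8), timedelta(minutes=5)),
    Rule("slow", 10, timedelta(hours=1), None),
]

BASE = datetime(2024, 3, 1, 10, 0, 0)   # constructed reference time


def stamp(seconds: float) -> datetime:
    return BASE + timedelta(seconds=seconds)


def parse_line(line: str) -> Tuple[datetime, str, bool]:
    """Parse one constructed line: 'YYYY-MM-DD HH:MM:SS <ip> LOGIN FAIL|OK user=<name>'."""
    date, time, ip, _login, status, _user = line.split(" ", 5)
    return datetime.fromisoformat(f"{date} {time}"), ip, status == "FAIL"


class Blocker:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        # rule name -> ip -> timestamps of failures still inside that rule's window
        self.failures: Dict[str, Dict[str, Deque[datetime]]] = {
            r.name: defaultdict(deque) for r in rules}
        self.blocks: Dict[str, Block] = {}
        self.rejected: Dict[str, int] = defaultdict(int)  # attempts made while blocked

    def is_blocked(self, ip: str, now: datetime) -> bool:
        blk = self.blocks.get(ip)
        if blk is None:
            return False
        if blk.until is not None and now >= blk.until:
            del self.blocks[ip]          # temporary block has expired
            return False
        return True

    def observe(self, ts: datetime, ip: str, failed: bool) -> Optional[Block]:
        if self.is_blocked(ip, ts):
            self.rejected[ip] += 1
            return None
        if not failed:
            for r in self.rules:         # a successful login resets that IP's counters
                self.failures[r.name].pop(ip, None)
            return None
        for rule in self.rules:
            q = self.failures[rule.name][ip]
            q.append(ts)
            while ts - q[0] > rule.window:   # drop failures that fell out of the window
                q.popleft()
            # The N-th failure inside the window blocks *now*, not when the window elapses.
            if len(q) >= rule.attempts:
                until = None if rule.block_for is None else ts + rule.block_for
                blk = Block(rule.name, ts, until)
                self.blocks[ip] = blk
                for r in self.rules:
                    self.failures[r.name].pop(ip, None)
                return blk
        return None


def run_log(lines: List[str], rules: List[Rule]) -> Blocker:
    blocker = Blocker(rules)
    for line in lines:               # lines are assumed to be in timestamp order
        blocker.observe(*parse_line(line))
    return blocker


def constructed_log() -> List[str]:
    """Constructed sample log (not a real Serv-U log)."""
    ev = []
    for i in range(7):                           # burst bot: one failure per second
        ev.append((stamp(i), "203.0.113.7", "FAIL", "admin"))
    for batch in range(7):                       # patient bot: 3 failures every 10 min
        for i in range(3):
            ev.append((stamp(600 * batch + i), "198.51.100.9", "FAIL", f"user{batch}{i}"))
    for s in (0, 15, 40):                        # human: 3 typos over 40 s, then success
        ev.append((stamp(300 + s), "192.0.2.5", "FAIL", "tracy"))
    ev.append((stamp(355), "192.0.2.5", "OK", "tracy"))
    ev.sort()
    return [f"{t:%Y-%m-%d %H:%M:%S} {ip} LOGIN {st} user={u}" for t, ip, st, u in ev]


if __name__ == "__main__":
    b = run_log(constructed_log(), RULES)
    for ip, blk in b.blocks.items():
        print(f"{ip} blocked by '{blk.rule}' at {blk.at:%H:%M:%S}, until {blk.until or 'forever'}")
```

With these rules the burst bot is blocked on its 4th failure (three seconds into the log, with the remaining three attempts rejected), the patient bot never trips the 8-second rule but is blocked forever by the one-hour rule on its 10th failure, and the human is never blocked. Evaluating every rule on every failure, rather than only the first one that matches, is what lets the slow rule keep counting while the fast rule stays quiet.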

