Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO

Blacklist IPs from attempted logins with usernames "root" or "admin"

0 votes
20 views
asked Feb 9 in General by mehitchcock (120 points)
Is there a way I can permanently blacklist or at least auto-ban any IP trying to login with the usernames "root" or "admin"?  I get tens of thousands of invalid logins every day on my current SFTP server and I'm evaluating CompleteFTP to replace it.  I can't do whitelisting since my clients would connect from anywhere.  I am currently evaluating the enterprise version and have written a custom authenticator which works great.  Unfortunately I won't really know how effective the auto-ban will be until I put this server in production.  I'm also looking for a way to automatically blacklist IP addresses on the auto-ban list.  I see that I can do it manually, but I was wondering if it could be done on a trigger.  I'm thinking that it might be easier to remove IPs from people blacklisted in error than to fight the billions of zombie computers on a daily basis.

1 Answer

0 votes
answered Feb 9 by Admin (1,640 points)

If there was a function to add an IP filter rule (i.e. blacklist) from a script then you could:

  1. call that function from your custom authenticator if the user-name is root or admin, and
  2. create a JSS process trigger on the auto-ban event and call that function from there, thus making all auto-bans permanent.

Would that cover your requirements?

...